Home > Vulnerability Database > CVE-2024-12666

Mend.io Vulnerability Database

CVE-2024-12666

Date: December 16, 2024

A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Language: PHP

Severity Score

4.7

Related Resources (6)

Url: https://vuldb.com/?ctiid.288535

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-12666

Url: https://vuldb.com/?id.288535

Url: https://vuldb.com/?submit.461120

Url: https://github.com/Jack-Black-13/blob/blob/main/ClassCMS%20V4.8%20Vertical%20Privilege%20Escalation.md

Url: https://www.mend.io/vulnerability-database/CVE-2024-12666

Severity Score

4.7

Weakness Type (CWE)

Incorrect Privilege Assignment

CWE-266

Improper Handling of Insufficient Privileges

CWE-274

CVSS v3.1

Base Score:	4.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	MULTIPLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2024-12666

Date: December 16, 2024

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?