CVE-2023-24674
https://notcve.org/view.php?id=CVE-2023-24674
01 Sep 2023 — Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter. • https://cupc4k3.medium.com/cve-2023-24674-uncovering-a-privilege-escalation-vulnerability-in-bludit-cms-dcf86c41107 • CWE-862: Missing Authorization
CVE-2023-31572
https://notcve.org/view.php?id=CVE-2023-31572
16 May 2023 — An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/bludit/2023/Bludit-v4.0.0-Release-candidate-2