CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating the dfclientid parameter in API request URLs, which could lead to unauthorized access to sensitive information belonging to other users.

• https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0313
• CWE-639: Authorization Bypass Through User-Controlled Key