
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jan 2025 — An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component. • https://github.com/CV1523/CVEs/blob/main/CVE-2024-55507.md • CWE-281: Improper Preservation of Permissions

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Dec 2024 — SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component. • https://github.com/prithivilakshmanan/CSV/blob/main/CVE-2024-55509.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Dec 2024 — An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter. • https://github.com/CV1523/CVEs/blob/main/CVE-2024-55506.md • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Dec 2024 — An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. • https://github.com/CV1523/CVEs/blob/main/CVE-2024-55505.md • CWE-94: Improper Control of Generation of Code ('Code Injection')