CVE-2024-51992 – Method Exposure Vulnerability in Modals in orchid/platform

https://notcve.org/view.php?id=CVE-2024-51992

11 Nov 2024 — Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform’s asynchronous modal functionality, affecting users of Orchid Platform version 8 through 14.42.x. Attackers could exploit this vulnerability to call arbitrary methods within the `Screen` class, leading to potential brute force of database tables, validatio... • https://github.com/orchidsoftware/platform/security/advisories/GHSA-cm46-gqf4-mv4f • CWE-749: Exposed Dangerous Method or Function •