Exploitation Summary
EIP tracks 2 public exploits for CVE-2020-24028. PoCs published by redteambrasil, underprotection.
AI-analyzed exploit summary: This repository contains a detailed writeup for CVE-2020-24028, describing an insecure permissions vulnerability in ForLogic Qualiex v1 and v3. The vulnerability allows authenticated customers to escalate privileges via user creation, password changes, or permission updates.
Description
ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. NOTE: as of 2025-10-14, the Supplier's perspective is that this "does not allow administrative privilege gain. Authorization is enforced server-side, restricting actions to the user’s own permission scope."
Exploits (2)
This repository contains a detailed writeup for CVE-2020-24028, describing an insecure permissions vulnerability in ForLogic Qualiex v1 and v3. The vulnerability allows authenticated customers to escalate privileges via user creation, password changes, or permission updates.
This repository contains a writeup for CVE-2020-24028, detailing an insecure permissions vulnerability in ForLogic Qualiex v1 and v3. The vulnerability allows authenticated customers to escalate privileges via user creation, password changes, or permission updates.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H