Exploitation Summary
EIP tracks 2 public exploits for CVE-2020-24029. PoCs published by redteambrasil, underprotection.
AI-analyzed exploit summary: This repository contains a writeup for CVE-2020-24029, detailing an incorrect access control vulnerability in ForLogic Qualiex v1 and v3 that allows unauthenticated password changes, leading to privilege escalation and information disclosure.
Description
Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "corrected in all maintained versions. Password reset requests are validated against registered user emails and require a valid, short-lived token."
Exploits (2)
This repository contains a writeup for CVE-2020-24029, detailing an incorrect access control vulnerability in ForLogic Qualiex v1 and v3 that allows unauthenticated password changes, leading to privilege escalation and information disclosure.
This repository contains a writeup for CVE-2020-24029, detailing an unauthenticated password change vulnerability in ForLogic Qualiex v1 and v3. The vulnerability allows remote attackers to bypass authentication and escalate privileges or disclose information via a simple request.
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H