CVE-2024-12483

LOW

Ujcms < 9.6.3 - Improper Authorization

Title source: rule

Description

A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WORKING POC

by Cyd Tseng · pythonwebappsmultiple

https://www.exploit-db.com/exploits/52264

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://github.com/cydtseng/Vulnerability-Research/blob/main/ujcms/IDOR-UsernameEnumeration.md

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.287865

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.287865

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.458895

Scores

CVSS v3 3.7

EPSS 0.0157

EPSS Percentile 81.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-639 CWE-285

Status published

Products (1)

ujcms/ujcms < 9.6.3

Published Dec 12, 2024

Tracked Since Feb 18, 2026