CVE-2026-13549
⚪ For information
An authorization bypass in CodeAstro Complaint Management System allows a remote attack.
CVSS
5.4
EPSS
0.3%
Exploit
none
Vendor
Source description (NVD)
A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected element is the function deletereport of the file application/controllers/Report.php of the component Report Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
none
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 5.4 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (probability of exploitation) | 0.3% |
| Published (NVD) | 2026-06-29 09:16:27 UTC |
| Last modified (NVD) | 2026-06-29 18:41:05 UTC |
References
- https://codeastro.com/ (cna@vuldb.com)
- https://github.com/ashikmd0507/CVE/tree/main/Unauthenticated%20Arbitrary%20Report%20%26%20File%20Deletion (cna@vuldb.com)
- https://vuldb.com/cve/CVE-2026-13549 (cna@vuldb.com)
- https://vuldb.com/submit/843260 (cna@vuldb.com)
- https://vuldb.com/vuln/374557 (cna@vuldb.com)
- https://vuldb.com/vuln/374557/cti (cna@vuldb.com)