Vulnerabilities > CVE-2024-0356 - Unspecified vulnerability in Mandelo SSM Shiro Blog 1.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

mandelo

NVD

Published: 2024-01-10

Updated: 2024-11-21

Summary

A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file updateRoles of the component Backend. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250123.

Vulnerable Configurations

Part	Description	Count
Application	Mandelo Mandelo SSM Shiro Blog 1.0	1

References

https://medium.com/@heishou/ssm-has-a-vertical-override-vulnerability-8728da71842e
https://medium.com/@heishou/ssm-has-a-vertical-override-vulnerability-8728da71842e
https://vuldb.com/?ctiid.250123
https://vuldb.com/?ctiid.250123
https://vuldb.com/?id.250123
https://vuldb.com/?id.250123