Vulnerabilities > CVE-2024-47651 - Unspecified vulnerability in Shilpi Client Dashboard

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

shilpi

NVD

Published: 2024-10-04

Updated: 2024-10-10

Summary

This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple “userid” parameters in the API request body leading to unauthorized access of sensitive information belonging to other users.

Vulnerable Configurations

Part	Description	Count
Application	Shilpi Shilpi Client Dashboard *	1

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0313