← back
CVE-2024-6695

profile-builder <= 3.11.8 - Unauthenticated Privilege Escalation

CVSS 9.8 CRITICALEPSS 0.8%
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
31 Jul 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →