Home > Vulnerability Database > CVE-2024-39323

Mend.io Vulnerability Database

CVE-2024-39323

Good to know:

Date: July 2, 2024

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10, 2023.10.6, and 2024.04.6 fix this issue.

Language: PHP

Severity Score

7.1

Related Resources (7)

Url: https://github.com/aimeos/ai-admin-graphql/security/advisories/GHSA-vc7j-99jw-jrqm

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-39323

Url: https://github.com/aimeos/ai-admin-graphql/commit/54d6b7cf4530cb3b95f52775c24056c48e6d26e9

Url: https://github.com/aimeos/ai-admin-graphql

Url: https://github.com/aimeos/ai-admin-graphql/commit/787028de0a3ecbf3e9f63ab1454eac99ce7693a9

Url: https://github.com/aimeos/ai-admin-graphql/commit/2d89d98cdcad880a9244b50736b08c1a171379ca

Url: https://www.mend.io/vulnerability-database/CVE-2024-39323

Severity Score

7.1

Weakness Type (CWE)

Insufficient Granularity of Access Control

CWE-1220

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version aimeos/ai-admin-graphql-2022.10.10,2023.10.6,2024.04.6

Learn More

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-39323

Good to know:

Date: July 2, 2024

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?