Description

IDURAR is open-source ERP, CRM, accounting and invoicing software. The vulnerability exists in the corePublicRouter.js file. From the reference usage, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is appended directly to the join statement without additional checks. This allows an attacker to send a URL-encoded malicious payload: adding an encoded string (payload) at the subpath location escapes the directory structure, so system files can be read.
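The pattern described above, next to a contained form, as an added example that is not IDURAR's code. The root directory, the function names and the sample requests are assumptions constructed for illustration, and both functions decode their inputs once, as a web framework does for route parameters.

```javascript
// Added illustration, not code from the IDURAR repository.
const path = require('node:path').posix; // posix flavour for deterministic results

// Assumed location of the publicly served directory (hypothetical).
const PUBLIC_ROOT = '/srv/app/public';

// Route parameters arrive percent-encoded and are decoded once.
const decode = (s) => decodeURIComponent(String(s));

// Pattern from the description: user input goes straight into the join.
function resolveUnchecked(rawSubPath, rawFile) {
  return path.join(PUBLIC_ROOT, decode(rawSubPath), decode(rawFile));
}

// Contained form: resolve first, then prove the result is still under the root.
// Returns the absolute path, or null when the request must be refused.
function resolveContained(rawSubPath, rawFile) {
  let segments;
  try {
    segments = [rawSubPath, rawFile].map(decode);
  } catch {
    return null; // malformed percent-encoding
  }
  if (segments.some((s) => s.includes('\0'))) return null;
  const candidate = path.resolve(PUBLIC_ROOT, ...segments);
  const rel = path.relative(PUBLIC_ROOT, candidate);
  // '' is the root itself; '..' or '../x' is outside it.
  if (rel === '' || rel === '..' || rel.startsWith('../')) return null;
  return candidate;
}

// Constructed sample requests: one ordinary, one with an encoded subpath.
const CONSTRUCTED_REQUESTS = [
  { subPath: 'uploads', file: 'logo.png' },
  { subPath: '..%2F..%2Fconfig', file: 'app.env' },
];

// Runs both resolvers over the samples so the difference is visible.
function audit(requests = CONSTRUCTED_REQUESTS) {
  return requests.map(({ subPath, file }) => ({
    subPath,
    unchecked: resolveUnchecked(subPath, file),
    contained: resolveContained(subPath, file),
  }));
}

console.log(audit());
```

The containment check runs on the resolved path rather than on the raw string, so it does not depend on recognising any particular encoding of the separator.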

INFO

Published Date: 2024-10-04T14:45:41.123Z

Last Modified: 2024-10-04T16:00:38.245Z

Source: GitHub_M

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-47769 vulnerability.

Vendor           Product
Idurar Project   Idurar
Idurarapp        Idurar