CVE-2024-37767

Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request.

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

References

Link	Resource
https://github.com/b1ackc4t/14Finger/issues/12	Issue Tracking Vendor Advisory Exploit
https://github.com/b1ackc4t/14Finger/issues/12	Issue Tracking Vendor Advisory Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:b1ackc4t:14finger:1.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-07-05 17:15

Updated : 2025-07-01 14:17

NVD link : CVE-2024-37767

Mitre link : CVE-2024-37767

CVE.ORG link : CVE-2024-37767

JSON object : View

Products Affected

b1ackc4t

CWE

CWE-306

Missing Authentication for Critical Function