CVE-2024-42759

Medium

An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.

mitre·CWE-592·Published 2024-09-09

CVSS

6.3

EPSS

0.00

KEV

Exploits

cve.orgen

130 chars

An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.

NVDen

130 chars

An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.

Un problema en Ellevo v.6.2.0.38160 permite que un atacante remoto escale privilegios a través del endpoint /api/usuario/cadastrodesuplente.

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.3	—	—	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
3.1	Primary	cve.org	6.3	—	—	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
3.1	Secondary	NVD	6.3	0.8	5.5	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L