ID:8904 - Exploit for Permissions, Privileges, and Access Controls in eLabFTW - CVE-2022-31007

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:8904 - Exploit for Permissions, Privileges, and Access Controls in eLabFTW - CVE-2022-31007

ID:8904 - Exploit for Permissions, Privileges, and Access Controls in eLabFTW - CVE-2022-31007

Published: March 11, 2023


Vulnerability identifier: #VU64015
Vulnerability risk: Low
CVE-ID: CVE-2022-31007
CWE-ID: CWE-264
Exploitation vector: Remote access
Vulnerable software:
eLabFTW

Link to public exploit:


Vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A remote administrator can assign itself system administrator privileges within the application, or create a new system administrator account. 


Remediation

Install updates from vendor's website.