CVE-2024-37440

Published Nov 1, 2024

Last updated 2 months ago

CVSS medium 4.3

Overview

Description
Missing Authorization vulnerability in Andy Moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.4.4.
Source
audit@patchstack.com
NVD status
Analyzed
Products
church_admin

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity
MEDIUM

Weaknesses

audit@patchstack.com
CWE-862

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Reflected XSS.This issue affects Church Admin: from n/a before 5.0.0.CVE-2024-50438
  2. Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server.This issue affects Church Admin: from n/a through 4.4.6.CVE-2024-37418
  3. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.4.4.CVE-2024-35764
  4. Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This issue affects Church Admin: from n/a through 4.3.6.CVE-2024-35637
  5. Missing Authorization vulnerability in Andy Moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.1.6.CVE-2024-31281

References

Sources include official advisories and independent security research.