# CVE-2020-24028
------------------------------------------
## [Description]
ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates.
------------------------------------------
## [Important Dates]
- Announcement (to Vendor): 2020-07-12
- Public disclosure date: 2020-08-31
------------------------------------------
## [Vulnerability Type]
Insecure Permissions
------------------------------------------
## [Vendor of Product]
ForLogic
------------------------------------------
## [Affected Product Code Base]
- Qualiex - v1
- Qualiex - v3
- Other versions may be affected, especially in the same family (not tested yet)
------------------------------------------
## [Affected Component]
Qualiex
------------------------------------------
## [Attack Type]
Remote
------------------------------------------
## [Impact Escalation of Privileges]
True
------------------------------------------
## [Impact Information Disclosure]
True
------------------------------------------
## [Attack Vectors]
Authenticated permission bypass permits password changes, user creation and privilege escalation on user's information update
------------------------------------------
## [Has vendor confirmed or acknowledged the vulnerability?]
True
------------------------------------------
## [Discoverer]
Mauricio Santos (R&D UnderProtection), Claudemir Nunes (R&D UnderProtection) and Hesron Hori (R&D UnderProtection)
------------------------------------------
## [Thanks to]
Forlogic - Vendor's Information Security Team who collaborated to a coordinated disclosure
------------------------------------------
## [Reference]
- https://www.underprotection.com.br
- https://forlogic.net
- https://qualiex.com
- https://github.com/underprotection/CVE-2020-24028
[4.0K] /data/pocs/df232331cdcc988bb93c565fb89cebd393b9d8b4
├── [ 11K] LICENSE
└── [1.8K] README.md
0 directories, 2 files