CVE-2024-22078

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-280
View all →

Vulnerability Description

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges.

Related Vulnerabilities

CVE-2019-6570

HIGH
CVSS:8.8(High)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorizat...

CWE-2802019

CVE-2022-2193

HIGH
CVSS:8.8(High)

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in ...

CWE-2802022

CVE-2024-25108

HIGH
CVSS:8.8(High)

Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users inte...

CWE-2802024

CVE-2024-36451

HIGH
CVSS:8.8(High)

Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by a...

CWE-2802024

CVE-2025-29826

HIGH
CVSS:8.8(High)

Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

CWE-2802025

CVE-2022-4863

HIGH
CVSS:8.4(High)

Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.

CWE-2802022