Exposed Dangerous Method or Function Affecting orchid/platform package, versions >=8.0, <14.43.0
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PHP-ORCHIDPLATFORM-8366559
- published12 Nov 2024
- disclosed11 Nov 2024
- creditVladislav Gladky
Introduced: 11 Nov 2024
CVE-2024-51992 (opens in a new tab)How to fix?
Upgrade orchid/platform to version 14.43.0 or higher.
Overview
orchid/platform is a Platform for back-office applications, admin panel or CMS your Laravel app.
Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in the asynchronous modal functionality via the Screen class. An attacker can call arbitrary methods leading to potential brute force of database tables, validation checks against user credentials, and disclosure of the server's IP address by exploiting the method exposure issue.
Workaround
This vulnerability can be mitigated by implementing middleware to intercept and validate requests to asynchronous modal endpoints, allowing only approved methods and parameters.