Homepage
About Snyk

Exposed Dangerous Method or Function Affecting orchid/platform package, versions >=8.0, <14.43.0

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-ORCHIDPLATFORM-8366559
  • published 12 Nov 2024
  • disclosed 11 Nov 2024
  • credit Vladislav Gladky
Report a new vulnerability Found a mistake?

Introduced: 11 Nov 2024

New CVE-2024-51992 Open this link in a new tab
CWE-749 Open this link in a new tab

How to fix?

Upgrade orchid/platform to version 14.43.0 or higher.

Overview

orchid/platform is a Platform for back-office applications, admin panel or CMS your Laravel app.

Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in the asynchronous modal functionality via the Screen class. An attacker can call arbitrary methods leading to potential brute force of database tables, validation checks against user credentials, and disclosure of the server's IP address by exploiting the method exposure issue.

Workaround

This vulnerability can be mitigated by implementing middleware to intercept and validate requests to asynchronous modal endpoints, allowing only approved methods and parameters.

CVSS Scores

version 4.0
version 3.1
Expand this section

Snyk

Recommended
5.1 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Attack Requirements (AT)
    None
  • Privileges Required (PR)
    High
  • User Interaction (UI)
    None
  • Confidentiality (VC)
    None
  • Integrity (VI)
    None
  • Availability (VA)
    None
  • Confidentiality (SC)
    Low
  • Integrity (SI)
    None
  • Availability (SA)
    None