Vulnerability CVE-2022-38577


Published: 2022-09-19

Description:
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
ProcessMaker Privilege Escalation
Sornram Kampeera
20.09.2022

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

 References:
http://processmaker.com
https://drive.google.com/file/d/1iP9NYUkYEy_FGMpcnTkUWn8nGcqDT02_/view?usp=sharing

Copyright 2022, cxsecurity.com

 

Back to Top