MidnightBSD

Advisories for electronic_official_document_management_system_project

CVE-2024-6737

The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
electronic_official_document_management_system_project electronic_official_document_management_system *