Melis Platform, Unauthenticated Admin Creation, CVE-2024-XXXX (Critical)

The CVE-2024-XXXX vulnerability in the Melis Platform’s `melis-core` module stems from an improper access control mechanism on the `/melis/MelisCore/ToolUser/addNewUser` endpoint. This endpoint, designed for creating new user accounts, fails to validate the privileges of the requesting user. Typically, such a function should be restricted to users with existing administrative permissions. However, due to a missing or flawed authorization check, the application processes requests from unauthenticated users. An attacker can send a crafted HTTP POST request to this publicly accessible URL. The request payload contains the necessary parameters, such as username, email, and password, to register a new user account. Crucially, the application logic erroneously assigns administrative privileges to this newly created account without verifying the requester’s identity or role. This allows a remote, unauthenticated attacker to successfully create a fully privileged administrator account, granting them complete control over the CMS platform.
Platform: Melis CMS
Version: melis-core module
Vulnerability: Unauthenticated Admin Creation
Severity: Critical

Date: 2024-10-08

Prediction: Patch by 2024-10-25

What Undercode Says:

```
curl -X POST http://<target>/melis/MelisCore/ToolUser/addNewUser \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "usr_login=attacker&usr_email=attacker@localhost&usr_password=Password123&usr_password2=Password123"
```

```php
// Example snippet of vulnerable controller logic
public function addNewUserAction()
{
    $request = $this->getRequest();
    $data = $request->getPost()->toArray();

    // Missing check for the current user's admin role: any caller,
    // authenticated or not, reaches this point.
    $userModel = new UserModel();
    $userModel->saveUser($data); // Blindly saves user with data, potentially including role.
}
```

How to Exploit:

Send POST request to `/melis/MelisCore/ToolUser/addNewUser` with admin account parameters.

Protection from this CVE:

Apply the vendor patch. Restrict access to the `/melis/MelisCore/ToolUser/addNewUser` endpoint to authenticated administrators and implement proper server-side authorization checks.
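As an added example (this is not Melis code; the class and method names, including the hypothetical `AuthServiceInterface` and `UserModelStub`, are assumptions standing in for the CMS's real auth service and user model), here is how the vulnerable `addNewUserAction` pattern shown above could be hardened along the lines the protection advice describes: deny by default, require an authenticated admin, protect the state-changing request against CSRF, and never take the role from the request body.

```php
<?php
// Added example, not part of the Melis project. Requires PHP 8.0+ for
// constructor property promotion. All helper types below are assumptions.
declare(strict_types=1);

final class Role
{
    public const ADMIN  = 'admin';
    public const EDITOR = 'editor';
}

// Hypothetical identity/session abstraction (assumption, not a Melis API).
interface AuthServiceInterface
{
    public function isAuthenticated(): bool;
    public function currentUserRole(): ?string;
    public function isCsrfTokenValid(string $token): bool;
}

// Hypothetical stand-in for the real UserModel so the example runs offline.
final class UserModelStub
{
    /** @var array<int, array<string, string>> */
    public array $saved = [];

    public function saveUser(array $data): void
    {
        $this->saved[] = $data;
    }
}

final class ToolUserController
{
    // Allow-list of fields the client may supply. A posted role or privilege
    // field is discarded, which closes the mass-assignment path.
    private const ALLOWED_FIELDS = ['usr_login', 'usr_email', 'usr_password', 'usr_password2'];

    public function __construct(
        private AuthServiceInterface $auth,
        private UserModelStub $userModel,
    ) {
    }

    /**
     * @param array<string, string> $post the decoded POST body
     * @return array{status:int, error?:string}
     */
    public function addNewUserAction(array $post): array
    {
        // 1. Deny by default: the caller must be logged in ...
        if (!$this->auth->isAuthenticated()) {
            return ['status' => 401, 'error' => 'authentication required'];
        }
        // 2. ... and must already hold the admin role.
        if ($this->auth->currentUserRole() !== Role::ADMIN) {
            return ['status' => 403, 'error' => 'admin role required'];
        }
        // 3. State-changing request: require a valid anti-CSRF token.
        if (!$this->auth->isCsrfTokenValid($post['csrf'] ?? '')) {
            return ['status' => 403, 'error' => 'invalid CSRF token'];
        }
        // 4. Keep only allow-listed fields and validate the password pair.
        $data = array_intersect_key($post, array_flip(self::ALLOWED_FIELDS));
        $pw = $data['usr_password'] ?? '';
        if ($pw === '' || $pw !== ($data['usr_password2'] ?? null)) {
            return ['status' => 400, 'error' => 'password missing or mismatch'];
        }
        unset($data['usr_password2']);
        $data['usr_password'] = password_hash($pw, PASSWORD_DEFAULT);
        // 5. The role is assigned server-side, never copied from the request.
        $data['usr_role'] = Role::EDITOR;

        $this->userModel->saveUser($data);
        return ['status' => 201];
    }
}

// Demo: an anonymous caller is rejected before any user is written.
$anonymous = new class implements AuthServiceInterface {
    public function isAuthenticated(): bool { return false; }
    public function currentUserRole(): ?string { return null; }
    public function isCsrfTokenValid(string $token): bool { return false; }
};
$model = new UserModelStub();
$controller = new ToolUserController($anonymous, $model);
$result = $controller->addNewUserAction([
    'usr_login' => 'attacker', 'usr_email' => 'attacker@localhost',
    'usr_password' => 'Password123', 'usr_password2' => 'Password123',
    'usr_role' => 'admin', // ignored even for a legitimate admin caller
]);
echo json_encode($result), PHP_EOL;          // {"status":401,"error":"authentication required"}
echo count($model->saved), ' users saved', PHP_EOL; // 0 users saved
```

The ordering matters: authentication and authorization are checked before the body is parsed into a model, so an unauthenticated request never reaches `saveUser`. Allow-listing the fields rather than rejecting a known-bad `role` key means new privilege-bearing columns added later are protected by default.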

Impact:

Full system compromise. Unauthenticated attacker gains admin access.

Sources:

Reported By: github.com