#VU60720 Security features bypass in JQueryForm.com


Published: 2022-02-18

Vulnerability identifier: #VU60720

Vulnerability risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24985

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
JQueryForm.com
Web applications / Modules and components for CMS

Vendor:

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to a security bypass issue. A remote user can send a specially crafted request to bypass authentication and access the administrative section of other forms hosted on the same web server.

Mitigation
Install updates from vendor's website.

Vulnerable software versions


External links
http://JQueryForm.com
http://www.nou-systems.com/cyber-security
http://gist.github.com/pb-nsi/4d0a1ede76d4e97083b3435f820bf560


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

