CVE-2024-50617

High CVSS: 7.5

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. (Retrieval is not intended without correct data access configured for documents.)

Vendor

Cipplanner

Product

Cipace

CWE

CWE-285

Yayın Tarihi

2026-02-11 22:15:49

Güncelleme

2026-02-13 21:38:59

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-285 Cipace HIGH Cipplanner 2026

Referanslar

https://cipplanner.com/cve-2024-50617-cve-public-notification-of-resolution/

Benzer Kayıtlar

High

CVE-2024-50619

Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to es…

High

CVE-2024-50620

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage compon…

Medium

CVE-2024-50618

A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 all…