An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component.
Including affected products and versions:
Attendance web management platform 3.0
reference material:
CVE-2024-24257
Types of vulnerabilities or issues:
Unauthorized access
Vulnerability details:
The URL suffix~/user can trigger unauthorized access
Ability to modify permissions and change passwords
Repair suggestion: Perform permission authentication on/user interfaces, etc