Flexcity
Monthly
Flexcity versions up to 1.0.36. is affected by authorization bypass through user-controlled key (CVSS 8.3).
Flexcity versions before 1.0.36 contain an authentication bypass vulnerability that allows authenticated users to escalate their privileges through an alternate access path. An attacker with valid credentials can exploit this flaw to gain unauthorized elevated access to the system. No patch is currently available.
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. [CVSS 8.8 HIGH]
Flexcity versions up to 1.0.36. is affected by authorization bypass through user-controlled key (CVSS 8.3).
Flexcity versions before 1.0.36 contain an authentication bypass vulnerability that allows authenticated users to escalate their privileges through an alternate access path. An attacker with valid credentials can exploit this flaw to gain unauthorized elevated access to the system. No patch is currently available.
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. [CVSS 8.8 HIGH]