go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

WisdomGarden Tronclass - Broken Access Control

TVN ID TVN-202407004
CVE ID CVE-2024-6738
CVSS 5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products Tronclass before version 1.69.61976
Description The tumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing unauthenticated remote attackers to obtain certain specific files by modifying the URL.
Solution Update to version 1.69.61976 or later.
Credit Security member
Public Date 2024-07-15
Top