‼️Privilege Escalation
OvalEdge 5.2.8.0 and earlier is affected by privilege escalation vulnerabilities.
Privilege Escalation - OE_ADMIN role can escalate privileges to any defined role (authenticated)
CVE-2022-30356
OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role.
https://example.com/ovaledge/user/assignuserrole
RAW Request
Last updated