CVE-2024-12483

Source
https://cve.org/CVERecord?id=CVE-2024-12483
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12483.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-12483
Published
2024-12-11T20:00:15.323Z
Modified
2026-07-08T06:27:16.641640769Z
Severity
  • 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Dromara UJCMS User ID id authorization
Details

A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/12xxx/CVE-2024-12483.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-285",
        "CWE-639"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "9.6.0"
                },
                {
                    "last_affected": "9.6.0"
                },
                {
                    "introduced": "9.6.1"
                },
                {
                    "last_affected": "9.6.1"
                },
                {
                    "introduced": "9.6.2"
                },
                {
                    "last_affected": "9.6.2"
                },
                {
                    "introduced": "9.6.3"
                },
                {
                    "last_affected": "9.6.3"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/dromara/ujcms

Affected ranges

Type
GIT
Repo
https://github.com/dromara/ujcms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:ujcms:ujcms:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "9.6.3"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

v1.*
v1.0.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v3.*
v3.0.0
v3.0.1
v3.1.0
v4.*
v4.1.1
v4.1.2
v4.1.3
v5.*
v5.5.1
v5.5.2
v6.*
v6.0.2
v7.*
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v8.*
v8.0.2
v9.*
v9.0.3
v9.0.4
v9.0.5
v9.1.0
v9.1.1
v9.1.4
v9.5.0
v9.5.1
v9.6.0
v9.6.1
v9.6.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12483.json"