Adapt Authoring Tool
Approved changes feed: RSS · Atom
cpe:2.3:a:adapt_authoring_tool:adapt_authoring_tool:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Adapt Authoring Tool (a20a87f4-0189-5558-a9c5-a6f163e5ed07) |
|---|---|
| Product | Adapt Authoring Tool (683d84b6-5453-5ea9-a925-71a62087a606) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-50672 |
vulnerable | 2026-06-03 14:57:25.343752 |
Details available
A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in Mongoose's find() function. This makes it possible for attackers to perform a full takeover of the administrator account. Attackers can then use the newly gained administrative privileges to upload a custom plugin to perform remote code execution (RCE) on the server hosting the web application.
Published: 2024-11-25T00:00:00.000Z
Updated: 2024-11-27T16:33:12.829Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.