Description

A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page.

Related CPE's

a

supremainc

biostar_2

2.8.16

Vulnerable

References

https://nobugescapes.com/blog/privilege-escalation-from-user-operator-to-system-administrator/

ExploitThird Party Advisory

https://nobugescapes.com/wp-content/uploads/2022/08/Part1.docx

ExploitThird Party Advisory

https://nobugescapes.com/blog/privilege-escalation-from-user-operator-to-system-administrator/

ExploitThird Party Advisory

https://nobugescapes.com/wp-content/uploads/2022/08/Part1.docx

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-269

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-269

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-09-19T19:15:09.627Z

3 years ago

Last modified

2025-05-29T14:15:28.527Z

9 months ago