iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation
Posted by deepcore on November 6, 2020 – 7:05 pm
iDS6 DSSPro Digital Signage System version 6.2 suffers from a privilege escalation vulnerability. An authenticated user can elevate his/her privileges by calling JS functions from the console or by insecure direct object references to hidden functionalities that can result in creating users, modifying roles and permissions and full takeover of the application.
Post a reply
You must be logged in to post a comment.