जमा करें #797463: Eleveo Call Recording 9.7.0 Broken Access Controlजानकारी

शीर्षकEleveo Call Recording 9.7.0 Broken Access Control
विवरणMultiple Broken Access Control vulnerabilities in Eleveo Call Recording 9.7.0 allow low-privileged authenticated users, including those without “Users and Roles” privilege, to access group configuration details via /callrec/group.jsp and /callrec/user_search.jsp endpoints. The backend does not properly enforce role-based access control, allowing unauthorized users to retrieve information about system groups. The exposed data includes group names, phone number filters, parent group relationships, descriptions, and assigned privileges. This information should be restricted to authorized administrative users. Impact - Disclosure of group configuration details, including group names, phone number filters, parent group relationships, descriptions, and assigned privileges. - Exposure of internal access control structure, which may assist attackers in identifying privileged groups and planning further attacks. PoC Comprehensive reproduction steps, including supporting screenshots, are available via the shared private link. Public disclosure will occur on GitHub after the responsible disclosure period of approximately 90 days has elapsed. Note Contact with the vendor was initiated on March 10, and no response has been received as of the submission date. The provided PoC is accessible via a restricted link and is intended solely for review purposes by anyone possessing the link. I plan to reserve a CVE early, with public disclosure scheduled after 90 days from the initial contact date, at which point the advisory will be published on my GitHub repository. The information shared here is provided exclusively to the VulnDB team to ensure awareness and understanding of the vulnerability details.
स्रोत⚠️ https://drive.google.com/file/d/1mzZ3HKLoMpr44cgxK70xiE2weddfvTsE/view?usp=sharing
उपयोगकर्ता
 omarelshopky (UID 85487)
सबमिशन05/04/2026 10:04 PM (3 महीनों पहले)
संयम11/07/2026 11:33 AM (3 months later)
स्थितिस्वीकृत
VulDB प्रविष्टि377775 [Eleveo Call Recording Software 9.7.0 /callrec/group.jsp अधिकार वृद्धि]
अंक20

Want to know what is going to be exploited?

We predict KEV entries!