CVE-2024-36691 Information

Description

Insecure permissions in the AdminController.AjaxSave() method of PPGo_Jobs v2.8.0 allows authenticated attackers to arbitrarily modify users’ account information.

Reference

https://www.yuque.com/beimi-tb0gl/yrgtbp/wi8bg26o3wlfqdaf?singleDoc