CybrWolf

CVE‑2024‑55585: Unauthenticated Admin API Access in moPS App

What is CVE-2024-55585 and how to mitigate it

CVE‑2024‑55585 is a high-to-critical severity vulnerability affecting the moPS App through version 1.8.618. The flaw allows unauthenticated users to call administrative API endpoints such as “/api/v1/users/resetpassword”, enabling unintended read/write operations on the app.

Vulnerability Details

Exploitation Path

Due to missing authentication checks on administrative endpoints, unauthenticated or low‑privileged users can access and execute […]