{"uuid": "e8de8ba7-4f65-43f8-8e55-db8f910d59c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12048", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8199", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12048\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.\n\ud83d\udccf Published: 2025-03-20T10:11:27.726Z\n\ud83d\udccf Modified: 2025-03-20T10:11:27.726Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/6def3e3a-c443-44bb-b20e-3e69b48f37dc", "creation_timestamp": "2025-03-20T10:19:42.000000Z"}