CVE-2024-46310
published 2025-01-13
CVE-2024-46310: Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint
Priority P269 · critical · 9.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EXPLOIT
EPSS: 2.39% (81.9th percentile)
Detection & IOCs
- The vulnerable endpoint is unauthenticated and exposed by default on FXServer v9601 and earlier; no credentials or session tokens are required to trigger the information disclosure.
- The Nuclei template is marked max-request: 1, meaning a single HTTP GET to /players.json is sufficient to confirm exploitation; no multi-step interaction is needed.
No detection rules found.
Nuclei
FXServer < v9601 - Information Exposure
nuclei · CVSS 9.1
CVE-2024-46310 [CRITICAL] FXServer < v9601 - Information Exposure
Incorrect Access Control in FXServer versions v9601 and prior, for CFX.re FiveM, allows unauthenticated users to modify and read user data via an exposed API endpoint.
Template:
id: CVE-2024-46310

info:
  name: FXServer < v9601 - Information Exposure
  author: s4e-io
  severity: medium
  description: |
    Incorrect Access Control in FXServer version's v9601 and prior, for CFX.re FiveM, allows unauthenticated users to modify and read userdata via exposed api endpoint.
  impact: |
    Unauthenticated users can access and modify sensitive userdata including player identifiers and connection information.
  remediation: |
    Update FXServer to a version later than v9601 that patches the access control vulnerability.
  reference:
    - https://github.com/UwUtisum/CVE-2024-46310
    - ht
No writeups or analysis indexed.
Published: 2025-01-13