Key Information Vulnerability Description Vulnerability ID: VDB-285500, CVE-2024-11485 Vulnerability Name: Code4Berry Decoration Management System 1.0 User UserRegister.php Permission Affected Version: Code4Berry Decoration Management System 1.0 Affected Component: User Handler Affected File: /decoration/admin/userregister.php Issue Description: Unknown code block causes a permission vulnerability, which can be triggered by unknown input. Impact: Confidentiality, Integrity, and Availability. CVSS Meta Temp Score: 6.7 Current Exploit Price: $0–$5k CTI Interest Score: 1.74 Vulnerability Details Issue Description: Unknown functionality leads to permission issues, exploitable remotely. Disclosure: Publicly disclosed, but not yet exploited. Contact: Vendor previously received disclosure but did not respond. Technical Details: Known and publicly available. MITRE ATT&CK: T1222 Exploit Difficulty: Easy Exploit Method: Remote attack Search Method: Use Google Hacking to search for "decoration/admin/userregister.php" Recommendations Alternative Product: Recommend replacing the affected component. Related Vulnerability IDs: VDB-157016, VDB-165317, VDB-169161, VDB-173872 Summary This vulnerability is a permission management issue affecting the User Handler component in Code4Berry Decoration Management System 1.0. Attackers can trigger the vulnerability using unknown input. Although the CVSS score is relatively low, the exploit price is high, and technical details are publicly available. It is recommended to replace the affected component to remediate this vulnerability.