Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-24029 PoC — ForLogic Qualiex 授权问题漏洞

Source
https://github.com/redteambrasil/CVE-2020-24029
Associated Vulnerability
Title:ForLogic Qualiex 授权问题漏洞 (CVE-2020-24029)
Description:Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "corrected in all maintained versions. Password reset requests are validated against registered user emails and require a valid, short-lived token."
Readme
# CVE-2020-24029

------------------------------------------

## [Description]

Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request.

------------------------------------------

## [Important Dates]

- Announcement (to Vendor): 2020-07-12
- Public disclosure date: 2020-08-31

------------------------------------------

## [Vulnerability Type]

Incorrect Access Control

------------------------------------------

## [Vendor of Product]

ForLogic

------------------------------------------

## [Affected Product Code Base]

- Qualiex - v1
- Qualiex - v3
- Other versions may be affected, especially in the same family (not tested yet)

------------------------------------------

## [Affected Component]

Qualiex

------------------------------------------

## [Attack Type]

Remote

------------------------------------------

## [Impact Escalation of Privileges]

True

------------------------------------------

## [Impact Information Disclosure]

True

------------------------------------------

## [Attack Vectors]

Unauthenticated password changes publicly available without special requirements (only the correct request)

------------------------------------------

## [Has vendor confirmed or acknowledged the vulnerability?]

True

------------------------------------------

## [Discoverer]

Mauricio Santos (R&D UnderProtection), Claudemir Nunes (R&D UnderProtection) and Hesron Hori (R&D UnderProtection)

------------------------------------------

## [Thanks to]

Forlogic - Vendor's Information Security Team who collaborated to a coordinated disclosure

------------------------------------------

## [Reference]

- https://www.underprotection.com.br
- https://forlogic.net
- https://qualiex.com
- https://github.com/underprotection/CVE-2020-24029
File Snapshot

 [4.0K]  /data/pocs/263acdf22af28ab10daa7ca652d91984b1cb3d04
└── [1.8K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →