Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-24030 PoC — ForLogic Qualiex 安全漏洞

Source
https://github.com/redteambrasil/CVE-2020-24030
Associated Vulnerability
Title:ForLogic Qualiex 安全漏洞 (CVE-2020-24030)
Description:ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "not exploitable in the current implementation. Tokens are properly expired, invalidated, and bound to session context. Attempts to alter the token payload to extend its validity do not affect server-side validation."
Readme
# CVE-2020-24030

------------------------------------------

## [Description]

ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and to access sensitive data via token reuse.

------------------------------------------

## [Important Dates]

- Announcement (to Vendor): 2020-07-12
- Public disclosure date: 2020-08-31

------------------------------------------

## [Vulnerability Type]

Incorrect Access Control

------------------------------------------

## [Vendor of Product]

ForLogic

------------------------------------------

## [Affected Product Code Base]

- Qualiex - v1
- Qualiex - v3
- Other versions may be affected, especially in the same family (not tested yet)

------------------------------------------

## [Affected Component]

Qualiex

------------------------------------------

## [Attack Type]

Remote

------------------------------------------

## [Impact Escalation of Privileges]

True

------------------------------------------

## [Impact Information Disclosure]

True

------------------------------------------

## [Attack Vectors]

Weak expiration in authorization token permits reuse to gain privileges and to access sensitive data

------------------------------------------

## [Has vendor confirmed or acknowledged the vulnerability?]

True

------------------------------------------

## [Discoverer]

Mauricio Santos (R&D UnderProtection), Claudemir Nunes (R&D UnderProtection) and Hesron Hori (R&D UnderProtection)

------------------------------------------

## [Thanks to]

Forlogic - Vendor's Information Security Team who collaborated to a coordinated disclosure

------------------------------------------

## [Reference]

- https://www.underprotection.com.br
- https://forlogic.net
- https://qualiex.com
- https://github.com/underprotection/CVE-2020-24030
File Snapshot

 [4.0K]  /data/pocs/5a40d87ba01a1cd8a981944e471ff376efb8b2bf
└── [1.8K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →