Cyber Posture

CVE-2024-56889

Severity: High · Public PoC: yes

Published: 06 February 2025
Modified: 18 April 2025
KEV Added: not listed
Patch: none listed
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0336 (87.4th percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-56889 is a high-severity Improper Access Control (CWE-284) vulnerability in Codeastro Complaint Management System. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 12.6% of CVEs by exploit likelihood (EPSS), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-14 (Public Access Protections).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique, Stored Data Manipulation (T1565.001). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

AC-3 Access Enforcement (prevent): Enforces approved authorizations for logical access to the /admin/m_delete.php endpoint, directly preventing unauthorized deletion of complaints via id parameter modification.

SC-14 Public Access Protections (prevent): Protects publicly accessible interfaces like /admin/m_delete.php from unauthorized modification or deletion of complaints.

Input validation (prevent): Validates and sanitizes the id parameter input to block unauthorized tampering leading to arbitrary complaint deletions.
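An added, hypothetical PHP sketch (not CodeAstro's code; `$pdo`, the `complaints` table and the session keys are assumptions) of what the three controls above look like at a delete endpoint of this shape: the weak handler trusts any caller, while the hardened one enforces an admin session, gates the action behind POST plus a CSRF token, validates `id`, and logs the deletion for detection.

```php
<?php
// Added illustration, not CodeAstro's code. $pdo, the `complaints` table
// and the session keys user_id / is_admin / csrf are assumptions.
declare(strict_types=1);
session_start();

// Weak pattern (the CWE-284 class of defect): nothing checks who reached
// /admin/m_delete.php, so any request carrying an id deletes that row.
function delete_complaint_weak(PDO $pdo): void
{
    $pdo->exec('DELETE FROM complaints WHERE id = ' . (int) $_GET['id']);
}

// Hardened handler: the session/role check is the AC-3 access enforcement,
// the method + CSRF gate protects the public interface (SC-14), and the
// integer validation constrains id before it reaches the database.
function delete_complaint(PDO $pdo): void
{
    // 1. Access enforcement: only an authenticated admin may delete.
    if (empty($_SESSION['user_id']) || empty($_SESSION['is_admin'])) {
        http_response_code(403);
        exit('Forbidden');
    }
    // 2. Destructive action only over POST with a session-bound CSRF token.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST'
        || !isset($_POST['csrf'], $_SESSION['csrf'])
        || !hash_equals($_SESSION['csrf'], (string) $_POST['csrf'])) {
        http_response_code(403);
        exit('Forbidden');
    }
    // 3. Input validation: id must be a positive integer, nothing else.
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Bad request');
    }
    // 4. Parameterised query; rowCount() reports whether a row was removed.
    $stmt = $pdo->prepare('DELETE FROM complaints WHERE id = :id');
    $stmt->execute([':id' => $id]);
    // 5. Audit trail for detection: who deleted what, and from where.
    error_log(sprintf('complaint delete user=%d id=%d rows=%d ip=%s',
        $_SESSION['user_id'], $id, $stmt->rowCount(),
        $_SERVER['REMOTE_ADDR'] ?? '-'));
}
```

Alerting on delete attempts that fail step 1 or 2 from unauthenticated sessions gives defenders a direct signal for attempts against this endpoint.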

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1565.001 Stored Data Manipulation (Impact): Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

The vulnerability is an access control flaw in a public-facing web application endpoint allowing unauthorized arbitrary deletion of stored data (complaints), enabling T1190 (Exploit Public-Facing Application) and T1565.001 (Stored Data Manipulation).

NVD Description

Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.

Deeper analysis [AI]

CVE-2024-56889 is an incorrect access control vulnerability in the /admin/m_delete.php endpoint of CodeAstro Complaint Management System version 1.0. Published on 2025-02-06, it enables unauthorized attackers to arbitrarily delete complaints by modifying the id parameter. The issue is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) and maps to CWE-284 (Improper Access Control).

The vulnerability is exploitable remotely over the network with low attack complexity, requires no privileges and no user interaction, and has unchanged scope. Successful exploitation results in high integrity impact through unauthorized deletion of complaints, without affecting confidentiality or availability.

Mitigation details are available in the referenced advisory at https://github.com/vigneshr232/CVE-2024-56889/blob/main/CVE-2024-56889.md.

Details

CWE(s): CWE-284 (Improper Access Control)

Affected Products

Vendor: codeastro
Product: complaint management system
Version: 1.0

CVEs Like This One

CVE-2024-55507: Same product, Codeastro Complaint Management System
CVE-2025-70148: Same vendor, Codeastro
CVE-2026-2592: Shared CWE-284
CVE-2025-70149: Same vendor, Codeastro
CVE-2025-70150: Same vendor, Codeastro
CVE-2024-56924: Same vendor, Codeastro
CVE-2026-32752: Shared CWE-284
CVE-2025-66956: Shared CWE-284
CVE-2026-30707: Shared CWE-284
CVE-2025-23243: Shared CWE-284

References

https://github.com/vigneshr232/CVE-2024-56889/blob/main/CVE-2024-56889.md