## https://sploitus.com/exploit?id=E99B5FBF-746F-5825-AD5F-D318F810796B
# CVE-2026-24134-PoC
## Overview
This repository contains the Proof of Concept (PoC) for **CVE-2026-24134**, a Broken Object Level Authorization (BOLA) vulnerability in StudioCMS.
## Contents
- `cve_2026_24134_poc.py` - Python exploitation script
## Prerequisites
- StudioCMS "Currently the rank level check to redirect is being done in client JS, which was supposed to be replaced shortly there after."
**The Fix:** Move authorization from client to server.
**Key Principle:** Never trust the client. Client-side security = UX enhancement. Server-side security = actual protection.
## Legal Disclaimer
**IMPORTANT:** This tool is provided for educational and authorized security testing purposes only.
- Only use against systems you own or have explicit written permission to test
- Unauthorized access to computer systems is illegal in most jurisdictions
- The author assumes no liability for misuse of this tool
- Always follow responsible disclosure practices
## References
- **CVE:** CVE-2026-24134
- **CVSS:** 6.5 High
- **CWE:** CWE-639
- **OWASP:** API1:2023 - Broken Object Level Authorization
## Contact
For questions about this PoC or vulnerability:
- **Author:** Filipe Gaudard
## License
This PoC is released for educational purposes. Use responsibly and ethically.