Share
## https://sploitus.com/exploit?id=E99B5FBF-746F-5825-AD5F-D318F810796B
# CVE-2026-24134-PoC

## Overview

This repository contains the Proof of Concept (PoC) for **CVE-2026-24134**, a Broken Object Level Authorization (BOLA) vulnerability in StudioCMS.

## Contents

- `cve_2026_24134_poc.py` - Python exploitation script

## Prerequisites
- StudioCMS "Currently the rank level check to redirect is being done in client JS, which was supposed to be replaced shortly there after."

**The Fix:** Move authorization from client to server.

**Key Principle:** Never trust the client. Client-side security = UX enhancement. Server-side security = actual protection.

## Legal Disclaimer

**IMPORTANT:** This tool is provided for educational and authorized security testing purposes only.

- Only use against systems you own or have explicit written permission to test
- Unauthorized access to computer systems is illegal in most jurisdictions
- The author assumes no liability for misuse of this tool
- Always follow responsible disclosure practices

## References

- **CVE:** CVE-2026-24134
- **CVSS:** 6.5 High
- **CWE:** CWE-639
- **OWASP:** API1:2023 - Broken Object Level Authorization

## Contact

For questions about this PoC or vulnerability:
- **Author:** Filipe Gaudard

## License

This PoC is released for educational purposes. Use responsibly and ethically.