
Exposed Dangerous Method or Function

CVE-2024-51992

Severity Medium
Score 4.1/10

Summary

Orchid is a Laravel package for rapid development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform's asynchronous modal functionality and affects Orchid Platform versions 8.0.0 through 14.43.0. An attacker could exploit it to call arbitrary methods of the `Screen` class, which could enable brute-forcing of database tables, validation of guessed user credentials, and disclosure of the server's real IP address. Users can mitigate the vulnerability by adding middleware that intercepts requests to the asynchronous modal endpoints and admits only approved methods and parameters.
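
The middleware mitigation described above, written out as an added example; this is not code from Orchid or from the advisory. It assumes the async modal route exposes route parameters named `screen` and `method` (verify against the route table of the installed Orchid version, and decode `screen` the way the platform does if it arrives encoded), and the screen classes `UserEditScreen` and `OrderScreen` with their `async*` methods are hypothetical placeholders for an application's own screens. Every (screen, method) pair not in the allow-list is refused, which covers the methods inherited from the base `Screen` class that the vulnerability exposes; unexpected request parameters are rejected rather than passed through.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use ReflectionMethod;
use Symfony\Component\HttpFoundation\Response;

/**
 * Allow-list filter for Orchid asynchronous modal requests.
 *
 * Added example, not code from Orchid or the advisory. Assumptions:
 *  - the async modal route exposes route parameters named 'screen' and
 *    'method' (check the route table of the installed Orchid version; if
 *    'screen' arrives encoded, decode it as the platform does first);
 *  - the screen classes and method names in ALLOWED are hypothetical and
 *    stand for the screens of your own application.
 */
class RestrictAsyncModalMethods
{
    /**
     * Screen class => [method name => request parameters it may receive].
     * Anything not listed is refused, including every method inherited from
     * the platform's base Screen class.
     */
    private const ALLOWED = [
        \App\Orchid\Screens\UserEditScreen::class => [
            'asyncGetUser' => ['id'],
        ],
        \App\Orchid\Screens\OrderScreen::class => [
            'asyncOrderDetails' => ['order', 'currency'],
        ],
    ];

    /** Request keys added by the framework that are not business parameters. */
    private const FRAMEWORK_KEYS = ['_token'];

    public function handle(Request $request, Closure $next): Response
    {
        $screen = (string) $request->route('screen');
        $method = (string) $request->route('method');

        $allowedParams = self::allowedParameters($screen, $method);
        if ($allowedParams === null) {
            abort(403, 'Asynchronous method is not permitted.');
        }

        // Fail closed on parameters the method does not expect instead of
        // letting them flow into the screen.
        $unexpected = array_diff(
            array_keys($request->except(self::FRAMEWORK_KEYS)),
            $allowedParams
        );
        if ($unexpected !== []) {
            abort(422, 'Unexpected parameters: '.implode(', ', $unexpected));
        }

        return $next($request);
    }

    /**
     * Returns the permitted parameter names for ($screen, $method), or null
     * when the pair is not allow-listed or the method is not declared on the
     * concrete screen class itself.
     */
    public static function allowedParameters(string $screen, string $method): ?array
    {
        $params = self::ALLOWED[$screen][$method] ?? null;
        if ($params === null) {
            return null;
        }

        // Defence in depth: even an allow-listed name must be declared on the
        // concrete screen class, not merely inherited from the base Screen,
        // so a stale allow-list entry cannot reopen a platform method.
        if (! method_exists($screen, $method)) {
            return null;
        }
        $declaring = (new ReflectionMethod($screen, $method))->getDeclaringClass()->getName();
        if ($declaring !== ltrim($screen, '\\')) {
            return null;
        }

        return $params;
    }
}
```

Register the class in the middleware stack that covers the platform's routes (Orchid exposes a middleware list in its configuration; confirm the exact key for the installed version) so it runs before the async controller. Upgrading to a version outside the affected range remains the primary fix; this middleware is the interim control the advisory describes for deployments that cannot upgrade immediately.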

CVSS base metrics (vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N):

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality: LOW
  • Integrity: NONE
  • Availability: NONE

CWE-749 - Exposed Dangerous Method or Function

The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

Advisory Timeline

  • Published