Setjob vulnerability?

meinmycar · July 30, 2018, 5:56am

Tonight we had a player who had no admin permissions nor did he have any elevated job roles set his job to police boss.

is anyone aware of a current vulnerability in the police job script or ESX extended which is causing this issue? Or is there possibly a larger vulnerability within FiveM?

We have two suspected players now who have managed to become police chief and in both cases fired the rest of the staff. As an admin I was able to correct their actions but it is concerning that they were able to become police chief in the first place.

Rifleman · July 30, 2018, 10:21am

thats scary, you should ask this on their discord.

SaltyGrandpa · July 30, 2018, 10:45am

No.

They are likely not making themselves bosses, but instead are triggering client events to open the boss menu, since ESX_PoliceJob does not check this client side.

sabbo2001 · July 30, 2018, 5:16pm

Lua injector. Use

to fix.