Submit #418417: QileCMS ≤v1.1.3 Authorization Bypassinfo

TitleQileCMS ≤v1.1.3 Authorization Bypass
DescriptionQileCMS ≤v1.1.3 has an arbitrary account password reset vulnerability. An attacker can send a verification code to an email address they control and use this code to reset the password of any user account, thereby gaining full control over the target account. This vulnerability poses a significant security risk to user accounts.
Source⚠️ https://note.zhaoj.in/share/PZZ7IeudhULs
User
 glzjin (UID 59815)
Submission10/05/2024 10:29 AM (2 months ago)
Moderation10/12/2024 12:04 PM (7 days later)
StatusAccepted
VulDB Entry280234 [QileCMS up to 1.1.3 Verification Code Forget.php sendEmail password recovery]
Points18

Do you need the next level of professionalism?

Upgrade your account now!