| Title | Yunzmall <=2.4.2 Arbitrary User Password Reset Vulnerability |
|---|---|
| Description | YunzMall version ≤2.4.2 has an Arbitrary User Password Reset Vulnerability in the /app/platform/controllers/ResetpwdController.php file, which allows unauthenticated attackers to reset any user's password, including the admin's, by sending a crafted POST request to the /admin/changePwd endpoint. |
| Source | ⚠️ https://note.zhaoj.in/share/DsijzdQDJSAp |
| User | glzjin (UID 59815) |
| Submission | 29.12.2024 14:57 (1 year ago) |
| Moderation | 08.01.2025 18:04 (10 days later) |
| Status | Accepted |
| VulDB entry | 290819 [YunzMall up to 2.4.2 HTTP POST Request ResetpwdController.php changePwd pwd privilege escalation] |
| Points | 17 |