| Title | 大灰狼 WCMS null Authorization Bypass |
|---|---|
| Description | There is an authentication bypass issue in this project. It uses MD5 to process the key (fixed key wcms), combines this with the RC4 algorithm to perform XOR encryption on the data, and outputs the result through Base64 encoding; after the encrypted openid value is passed in, it is decrypted to match the uid, and permissions are checked in the database. So as long as there is a uid, one can freely log into someone else's account. |
| Source | ⚠️ https://gitee.com/nwtmd5/cve/issues/IC6O7D |
| User | TTTlw1024 (UID 83078) |
| Submission | 2025-05-09 15:33 (12 months ago) |
| Moderation | 2025-05-24 19:32 (15 days later) |
| Status | Accepted |
| VulDB Entry | 310237 [WCMS up to 8.3.11 Login getallcon getMemberByUid uid weak authentication] |
| Points | 19 |