| Title | Yunzmall <=2.4.2 Arbitrary User Password Reset Vulnerability |
|---|---|
| Description | YunzMall version ≤2.4.2 has an Arbitrary User Password Reset Vulnerability in the /app/platform/controllers/ResetpwdController.php file, which allows unauthenticated attackers to reset any user's password, including the admin's, by sending a crafted POST request to the /admin/changePwd endpoint. |
| Source | ⚠️ https://note.zhaoj.in/share/DsijzdQDJSAp |
| User | glzjin (UID 59815) |
| Submission | 29/12/2024 14:57 (1 year ago) |
| Moderation | 08/01/2025 18:04 (10 days later) |
| Status | Accepted |
| VulDB entry | 290819 [YunzMall up to 2.4.2 HTTP POST Request ResetpwdController.php changePwd pwd privilege escalation] |
| Points | 17 |