提出 #848741: maccms maccms10 10 Logical Vulnerability / Auth Bypass情報

タイトルmaccms maccms10 10 Logical Vulnerability / Auth Bypass
説明A logical vulnerability in the installation module of maccms10 allows unauthenticated remote attackers to bypass the installation lock. The step5() function in application/install/controller/Index.php fails to check for the existence of the install.lock file before execution. By sending a crafted POST request to /admin.php?s=install/index/index&step=5, an attacker can re-initialize the system, overwrite configurations, and create a new administrative account.
ソース⚠️ https://github.com/trustbigcat/CVE/
ユーザー
 luther (UID 97566)
送信2026年06月05日 05:33 (1 月 ago)
モデレーション2026年07月12日 13:05 (1 month later)
ステータス承諾済み
VulDBエントリ377845 [MacCMS Pro 迄 2022.1000.3005 Installation Index.php step5 特権昇格]
ポイント20

Do you want to use VulDB in your project?

Use the official API to access entries easily!