제출 #632536: HuangDou UTCMS V9 login function verification code bypasses vulnerability정보

제목HuangDou UTCMS V9 login function verification code bypasses vulnerability
설명The background login page of UTCMS V9 (app/modules/ut-frame/admin/login.php) has a logical flaw in verifying the verification code submitted by the user. Due to the loose == comparison operator used, and in some cases $_SESSION['authcode'] may be null, an attacker can bypass verification by submitting an empty verification code. "" == null is judged to be true in PHP, which completely invalidates the verification code mechanism. This allows attackers to perform dictionary attacks or brute force cracking on backend user accounts without restrictions.
원천⚠️ https://github.com/August829/Yu/blob/main/20250811_2.md
사용자
 Yu Bao (UID 88956)
제출2025. 08. 12. PM 03:47 (11 개월 ago)
모더레이션2025. 08. 24. PM 04:52 (12 days later)
상태수락
VulDB 항목321237 [HuangDou UTCMS 9 Login login.php code 권한 상승]
포인트들20

Want to know what is going to be exploited?

We predict KEV entries!