Submeter #749716: Vichan Devel Vichan 5.1.5 Unverified Password Changeinformação

TítuloVichan Devel Vichan 5.1.5 Unverified Password Change
DescriçãoAn authentication bypass in the password change mechanism (CWE-620) exists in vichan. An authenticated moderator can change their own password without supplying the current password. The application relies solely on an active session and permission checks, without re-authentication or password verification. If an attacker gains access to a valid moderator session (e.g., via XSS, CSRF, session fixation, or stolen cookies), they can permanently take over the account by changing the password.
Fonte⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/vichan.md
Utilizador
 lakshay12311 (UID 91298)
Submissão31/01/2026 11h45 (há 3 meses)
Moderação15/02/2026 16h51 (15 days later)
EstadoAceite
Entrada VulDB346152 [vichan-devel vichan até 5.1.5 Password Change inc/mod/pages.php Senha Autenticação fraca]
Pontos20

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!