| Название | student-management-system resetPassword.php user password reset |
|---|
| Описание | The step of modifying the password was not verified, resulting in the ability to directly enter the website where the final password was modified, directly redirect to the page, and then enter a new password to reset the password, resulting in a everybody password reset student-management-system does not filter the content correctly at the "resetPassword.php" sid module, resulting in anyone password reset. |
|---|
| Источник | ⚠️ https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/student-management-system/password_reset.md |
|---|
| Пользователь | webray.com.cn (UID 24778) |
|---|
| Представление | 31.05.2023 11:57 (3 лет назад) |
|---|
| Модерация | 31.05.2023 13:01 (1 hour later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 230354 [ningzichun Student Management System 1.0 Password Reset resetPassword.php sid эскалация привилегий] |
|---|
| Баллы | 19 |
|---|