| tiêu đề | PuneethReddyHC's Online Shopping System Advanced v1.0 is vulnerable to authentication bypass via reg.php, An attacker can register himself as a admin and get access to admin panel. |
|---|
| Mô tả | ### Summary:
PuneethReddyHC's Online Shopping System Advanced v1.0 is vulnerable to authentication bypass via reg.php, An attacker can register himself as a admin and get access to admin panel.
### VENDOR HOMEPAGE: https://github.com/PuneethReddyHC/online-shopping-system-advanced
### SOFTWARE LINK: https://github.com/PuneethReddyHC/online-shopping-system-advanced
### CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
### Proof Of Concept:
1. Open http://localhost/online-shopping-system-advanced-master/admin/reg.php
3. Input your details
4. You'll be in admin panel
|
|---|
| Người dùng | kr1shna4garwal (UID 49100) |
|---|
| Đệ trình | 19/06/2023 15:48 (cách đây 3 những năm) |
|---|
| Kiểm duyệt | 20/06/2023 13:43 (22 hours later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 232009 [PuneethReddyHC Online Shopping System Advanced 1.0 Admin Registration /admin/reg.php xác thực yếu] |
|---|
| điểm | 17 |
|---|