| tiêu đề | Administrator password reset vulnerability exists in RapidCMS Dev.1.3.1 |
|---|
| Mô tả | [Suggested description]
RapidCMS Dev.1.3.1 was discovered to contain Administrator password reset vulnerability in `admin/run-movepass.php`.
[Vulnerability Type]
Unauthorized Access Vulnerability
[Vendor of Product]
https://github.com/OpenRapid/rapidcms
[Affected Product Code Base]
RapidCMS Dev.1.3.1
[Attack Type]
Remote
[Vulnerability demonstration]
https://github.com/OpenRapid/rapidcms/issues/5
[Cause of vulnerability]
In `admin/run-movepass.php`, the developer did not perform user permission authentication on the access to the file, and the attacker could control the values of the `password` and `password2` parameters, thereby unauthorized modification of the administrator password. |
|---|
| Nguồn | ⚠️ https://github.com/OpenRapid/rapidcms/issues/5 |
|---|
| Người dùng | TXPH (UID 50296) |
|---|
| Đệ trình | 13/08/2023 10:34 (cách đây 3 những năm) |
|---|
| Kiểm duyệt | 20/08/2023 09:11 (7 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 237569 [OpenRapid RapidCMS 1.3.1 admin/run-movepass.php password/password2 nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|