Gửi #632536: HuangDou UTCMS V9 login function verification code bypasses vulnerabilitythông tin

tiêu đềHuangDou UTCMS V9 login function verification code bypasses vulnerability
Mô tảThe background login page of UTCMS V9 (app/modules/ut-frame/admin/login.php) has a logical flaw in verifying the verification code submitted by the user. Due to the loose == comparison operator used, and in some cases $_SESSION['authcode'] may be null, an attacker can bypass verification by submitting an empty verification code. "" == null is judged to be true in PHP, which completely invalidates the verification code mechanism. This allows attackers to perform dictionary attacks or brute force cracking on backend user accounts without restrictions.
Nguồn⚠️ https://github.com/August829/Yu/blob/main/20250811_2.md
Người dùng
 Yu Bao (UID 88956)
Đệ trình12/08/2025 15:47 (cách đây 11 các tháng)
Kiểm duyệt24/08/2025 16:52 (12 days later)
Trạng tháiđược chấp nhận
Mục VulDB321237 [HuangDou UTCMS 9 Login login.php code nâng cao đặc quyền]
điểm20

Might our Artificial Intelligence support you?

Check our Alexa App!