| tiêu đề | zzcms zzcms2025 Unverified Password Change |
|---|
| Mô tả | The zzcms2025 version has a password reset logic vulnerability at the "Forgot Password" on the login page. It allows modification of any user's password without logging in, causing a password termination logic vulnerability.
1. The password reset process is divided into 3 steps: step1 (enter username) -> step2 (verify email verification code) -> step3 (set new password)
2. In the conditional judgment of step3, `@$_POST['yzm_mobile']==@$_SESSION['yzm_mobile']` is used.
3. If `$_SESSION['yzm_mobile']` is empty (not set), and the attacker does not pass the `yzm_mobile` parameter, the condition becomes `'' == ''`, and the result is `true`.
4. As long as `$_SESSION['username']` is set, the password of that user can be reset. |
|---|
| Nguồn | ⚠️ https://note-hxlab.wetolink.com/share/6RwOb3DAWjbG |
|---|
| Người dùng | airrudder (UID 25092) |
|---|
| Đệ trình | 10/12/2025 07:34 (cách đây 6 các tháng) |
|---|
| Kiểm duyệt | 17/12/2025 16:44 (7 days later) |
|---|
| Trạng thái | Bản sao |
|---|
| Mục VulDB | 175007 [zzcms 201910 /one/getpassword.php nâng cao đặc quyền] |
|---|
| điểm | 0 |
|---|