提交 #303196: Junnan Wang and his team Dreamer CMS 4.1.3 Common users have administrator rights信息

标题Junnan Wang and his team Dreamer CMS 4.1.3 Common users have administrator rights
描述As an ordinary account, it should not have the permission to delete attachments, forms and variables, and attackers can delete important files of the system through ordinary accounts.Common users have excessive permissions
来源⚠️ https://github.com/sweatxi/BugHub/blob/main/dreamer_Excessive_authority.pdf
用户
 hexixi (UID 59932)
提交2024-03-22 21時16分 (2 年前)
管理2024-03-30 07時36分 (7 days later)
状态已接受
VulDB条目258779 [Dreamer CMS 直到 4.1.3 Attachment 权限提升]
积分16

上一步一览下一步

Interested in the pricing of exploits?

See the underground prices here!