| 标题 | chatwoot 4.11.1 Business Logic Errors |
|---|
| 描述 | Summary
The Chatwoot contains a business logic vulnerability that allows attackers to bypass the intended signup restriction mechanism.
The application checks the response from the server (signupEnabled - Chatwoot config value) to determine whether new user registration is permitted. By intercepting and modifying the server response (using a proxy tool such as Burp Suite), an attacker can change the value of signupEnabled from false to true.
Because the server does not properly enforce this restriction with server-side validation, the manipulated value is accepted, allowing unauthorized users to register accounts (administrative) even when the signup functionality is intended to be disabled.
Details
Vulnerable Endpoint:
GET /app/login HTTP/2
Host: chatwoot.example.com |
|---|
| 用户 | Zabi_Ullah (UID 96130) |
|---|
| 提交 | 2026-03-05 07時35分 (1 月前) |
|---|
| 管理 | 2026-03-27 14時48分 (22 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 353877 [chatwoot 直到 4.11.1 Signup Endpoint /app/login signupEnabled 权限提升] |
|---|
| 积分 | 17 |
|---|