
CVE-2021-40616: thinkcmf v5.17 unauthorized vulnerability · Issue #722 · thinkcmf/thinkcmf

thinkcmf v5.1.7 has an unauthorized access vulnerability. An attacker who holds the back-end user management group permission can modify the password of the administrator account with id 1. Exploitation requires that user management group permission.


An unauthorized vulnerability was found in thinkcmf v5.17. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required. By default, the password of the administrator account with id 1 cannot be modified.

Vulnerable Files: /public/plugins/portal/controller/AdminRbacController.php

Access /admin/user/edit/id/1.html in a browser and modify the password of the administrator account with id 1.
