exploitDog

GHSA-f723-5hmm-wfxv

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.

In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.

Ссылки

EPSS

Процентиль: 29%

0.00108

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-863

Связанные уязвимости

CVE-2019-10014

CVSS3: 6.5

nvd

почти 7 лет назад

In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.

EPSS

Процентиль: 29%

0.00108

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-863