Description
FeehiCMS fails to enforce server-side immutability
FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes.
Packages
Name: feehi/feehicms (composer)
Affected versions: = 2.1.1
Fixed version: None
Related vulnerabilities
CVSS3: 6.5
nvd
2 months ago
FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes.