Описание
Incorrect Authorization in thinkcmf
thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required.
Пакеты
Наименование
thinkcmf/thinkcmf
composer
Затронутые версииВерсия исправления
<= 5.1.7
6.0.0
Связанные уязвимости
CVSS3: 6.5
nvd
больше 3 лет назад
thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required.