Описание
The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie.
Ссылки
- Vendor Advisory
- Patch
- Vendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 3.4 (включая)
cpe:2.3:a:tru-zone:nukeet:*:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00985
Низкий
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie.
EPSS
Процентиль: 76%
0.00985
Низкий
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other