Description
blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.
References
- Patch, Vendor Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 1.4.4
cpe:2.3:a:bti-tracker:bti-tracker:*:*:*:*:*:*:*:*
EPSS: 0.01023 (Low), percentile: 77%
CVSS2: 7.5 High
Weaknesses
CWE-255
Related vulnerabilities
github
almost 4 years ago
blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.