Описание
admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:arzdev:gemini_lite:3.5:*:*:*:*:*:*:*
cpe:2.3:a:arzdev:gemini_lite:3.6:*:*:*:*:*:*:*
cpe:2.3:a:arzdev:gemini_portal:4.7:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02645
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."
EPSS
Процентиль: 85%
0.02645
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-264