CVE-2014-3772

Published: 07 Aug 2014
Source: nvd
CVSS2: 7.5
EPSS: Low

Description

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:teampass:teampass:*:beta:*:*:*:*:*:*
Versions up to 2.1.20 (inclusive)
cpe:2.3:a:teampass:teampass:2.1:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.13:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.14:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.15:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.18:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.19:*:*:*:*:*:*:*

EPSS

Percentile: 57%
0.00349
Low

7.5 High

CVSS2

Weaknesses

CWE-264

Related vulnerabilities

debian
more than 11 years ago

TeamPass before 2.1.20 allows remote attackers to bypass access restri ...

github
more than 3 years ago

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php.
