
exploitDog


CVE-2018-20422

Published: 24 Dec 2018
Source: nvd
CVSS3: 8.1
CVSS2: 6.8
EPSS: Low

Description

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).

References

Vulnerable configurations

Configuration 1
cpe:2.3:a:comsenz:discuzx:x3.4:*:*:*:*:*:*:*

EPSS

Percentile: 51%
0.00284
Low

8.1 High

CVSS3

6.8 Medium

CVSS2

Weaknesses

CWE-287

Related vulnerabilities

CVSS3: 8.1
github
more than 3 years ago

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).
