Описание
EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without proper token authentication.
EPSS
Процентиль: 22%
0.00074
Низкий
7.5 High
CVSS3
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 7.5
github
9 дней назад
EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without proper token authentication.
EPSS
Процентиль: 22%
0.00074
Низкий
7.5 High
CVSS3
Дефекты
CWE-639