Описание
SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.
Ссылки
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.4.1 (исключая)
cpe:2.3:a:sfcyazilim:sonlogger:*:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.03115
Низкий
8.2 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 8.2
github
больше 3 лет назад
SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.
EPSS
Процентиль: 86%
0.03115
Низкий
8.2 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-306