Описание
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zzcms:zzcms:8.2:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00222
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
почти 4 года назад
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.
EPSS
Процентиль: 45%
0.00222
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-287