exploitDog

CVE-2023-53914

Опубликовано: 17 дек. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative account with full system access.

Ссылки

https://web.archive.org/web/20230314183734/https://en.ulicms.de/
Product
https://www.exploit-db.com/exploits/51486
Exploit
https://www.vulncheck.com/advisories/ulicms-authentication-bypass-via-mass-assignment-vulnerability
Third Party Advisory
https://www.exploit-db.com/exploits/51486
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ulicms:ulicms:2023.1:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01063

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-7ff4-756p-256w

CVSS3: 9.8

github

около 2 месяцев назад

UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative account with full system access.

EPSS

Процентиль: 77%

0.01063

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-639