Описание
UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with full system access.
Ссылки
- Product
- Exploit
- Third Party Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ulicms:ulicms:2023.1:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00164
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 9.8
github
около 2 месяцев назад
UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with full system access.
EPSS
Процентиль: 38%
0.00164
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-862