Description
flaskBlog is a blog app built with Flask. In versions 2.8.0 and earlier, an arbitrary user can change their own role to "admin", which grants the corresponding privileges (e.g. deleting users, posts, comments, etc.). The problem is in the routes/adminPanelUsers file.
References
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 2.8.0
cpe:2.3:a:dogukanurker:flaskblog:*:*:*:*:*:*:*:*
EPSS
Percentile: 12%
0.00039
Low
6.5 Medium
CVSS3
Weaknesses
CWE-425