Описание
FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes.
Ссылки
- ExploitThird Party Advisory
- ExploitIssue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:feehi:feehicms:2.1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 15%
0.0005
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-125
CWE-125
Связанные уязвимости
EPSS
Процентиль: 15%
0.0005
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-125
CWE-125