Last active
September 20, 2023 06:18
-
-
Save ChubbyZ/cb4b8fd818846dec3e9d70863e7955bc to your computer and use it in GitHub Desktop.
CVE-2023-42321
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE-ID] | |
| CVE-2023-42321 | |
| [CNVD-ID] | |
| CNVD-2023-68150 | |
| [Description] | |
| In the iCMS V7.0.16 version, the session in the session is hijacked, and members, roles and administrator accounts can be added arbitrarily without logging in to the account. | |
| ------------------------------------------ | |
| [Vulnerability Type] | |
| Insecure Permissions | |
| ------------------------------------------ | |
| [Vendor of Product] | |
| icmsdev | |
| ------------------------------------------ | |
| [Affected Product Code Base] | |
| icms - V7.0.16 | |
| ------------------------------------------ | |
| [Affected Component] | |
| Backend-User Management-Add Administrator/Add Member/Member Management/Role Management, etc. | |
| ------------------------------------------ | |
| [Attack Type] | |
| Remote | |
| ------------------------------------------ | |
| [Impact Code execution] | |
| true | |
| ------------------------------------------ | |
| [Impact Information Disclosure] | |
| true | |
| ------------------------------------------ | |
| [Attack Vectors] | |
| Hijack the session in the session | |
| ------------------------------------------ | |
| [Reference] | |
| https://www.icmsdev.com/ | |
| ------------------------------------------ | |
| [Discoverer] | |
| chubby |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment