Skip to content

Instantly share code, notes, and snippets.

polkaman

Block or report user

Report or block polkaman

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@polkaman
polkaman / txt
Created Jul 9, 2019
CVE-2019-13337-13338 descriptions
View txt
CVE-2019-13337
[Description]
In WESEEK GROWI before 3.5.0, the site-wide basic authentication can
be bypassed by adding a URL parameter access_token (this is the
parameter used by the API). No valid token is required since it is not
validated by the backend. The website can then be browsed as if no
basic authentication is required.
You can’t perform that action at this time.