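Vulnerability title
Demososo DM Enterprise Website Building System Cookie indexDM_load.php dmlogin authentication failure
Vulnerability description
A vulnerability was found that affects Demososo DM Enterprise Website Building System up to 2022.8, and it was classified as high severity. The affected function is dmlogin in the file indexDM_load.php of the Cookie Handler component. Manipulating the argument is_admin with the input y leads to improper authentication. The attack can be carried out remotely. The vulnerability has been publicly disclosed and may have been exploited. The identifier of this vulnerability is VDB-254605. Note: the vendor was contacted early about this disclosure but did not respond in any way.
CVSS information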
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability category
Improper authentication
Vulnerability title
Demososo DM Enterprise Website Building System Cookie indexDM_load.php dmlogin improper authentication
Vulnerability description
A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
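Vulnerability category
Improper authentication
Vulnerability title
Demososo DM Enterprise Website Building System authorization issue vulnerability
Vulnerability description
Demososo DM Enterprise Website Building System is a website system from the company Demososo. Demososo DM Enterprise Website Building System 2022.8 and earlier versions contain an authorization issue vulnerability. The vulnerability stems from a security problem in the dmlogin function of indexDM_load.php in the Cookie Handler component: special input passed through the is_admin parameter leads to incorrect authentication.
CVSS information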
N/A
Vulnerability category
Authorization issue