N/A

microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a delete_admin action, and (3) modify administrative passwords via a change_password action.

N/A

N/A

Impliedbydesign Micro CMS 'microcms-admin-home.php'安全绕过漏洞

Micro CMS是基于基于AJAX技术的，所见即所得的内容管理系统。 Implied by Design Micro CMS (Micro-CMS) 3.5(又称0.3.5)版本中的microcms-admin-home.php没有以管理员的身份进行身份认证，这使得远程攻击者可以(1)借助一个添加网管操作，创建管理帐户；(2)借助一个删除网管操作，移除管理帐户以及(3)借助一个更改密码操作，修改管理密码。

N/A

N/A