Vulnerability Information
Vulnerability Title
Demososo DM Enterprise Website Building System Cookie indexDM_load.php dmlogin improper authentication
Vulnerability Description
A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
Improper authentication
Vulnerability Title
Demososo DM Enterprise Website Building System authorization issue vulnerability
Vulnerability Description
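Demososo DM Enterprise Website Building System is a website system from the company Demososo. Demososo DM Enterprise Website Building System 2022.8 and earlier versions contain an authorization issue vulnerability. The vulnerability stems from a security issue in the dmlogin function of indexDM_load.php in the Cookie Handler component: special input supplied through the is_admin parameter leads to improper authentication.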
CVSS Information
N/A
Vulnerability Type
N/A