Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NewType FlowMaster BPM Plus - Privilege Escalation
Vulnerability Description
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
在信任Cookie未进行验证与完整性检查
Vulnerability Title
NewType FlowMaster BPM Plus 安全漏洞
Vulnerability Description
NewType FlowMaster BPM Plus是中国新人类(NewType)公司的一个商业流程管理系统。 NewType FlowMaster BPM Plus存在安全漏洞,该漏洞源于存在权限提升漏洞,导致具有常规权限的远程攻击者可以通过篡改特定cookie将其权限提升为管理员。
CVSS Information
N/A
Vulnerability Type
N/A