Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.
References
Link | Resource |
---|---|
http://rungga.blogspot.co.id/2017/03/privilege-escalation-manipulation-of.html | Third Party Advisory |
http://www.securityfocus.com/bid/96889 | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/41594/ | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2017-03-11 21:59
Updated : 2019-10-02 17:03
NVD link : CVE-2017-6823
Mitre link : CVE-2017-6823
JSON object : View
CWE
CWE-294
Authentication Bypass by Capture-replay
Products Affected
fiyo
- fiyo_cms