CVE-2018-19222

Name of the Vulnerable Software and Affected Versions LAOBANCMS version 2.0

Description An issue in LAOBANCMS allows an attack via the "install/mysql hy.php" endpoint with specific parameters, riqi and i, set to 0, enabling the reset of the admin password even when the install.txt file exists.

Recommendations For LAOBANCMS version 2.0, as a temporary workaround, consider restricting access to the "install/mysql hy.php" endpoint until a patch is available. Avoid using the parameters riqi and i in this endpoint with a value of 0 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.