PT-2019-13562 · Publisure · Publisure

Bourbon Jean-Marie

Publicado

2019-09-18

Atualizado

2020-08-24

CVE-2019-14253

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Publisure version 2.1.2

Description An issue in the servlet controller of the secure portal allows authentication bypass, enabling unauthorized queries on PHP forms within the /AdminDir folder, which should be restricted.

Recommendations For Publisure version 2.1.2, consider restricting access to the /AdminDir folder and its PHP forms until a patch is available. As a temporary workaround, review and strengthen authentication mechanisms to prevent bypass attempts.

Exploit

Correção

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306

Identificadores relacionados

CVE-2019-14253

Produtos afetados

Publisure

PT-2019-13562 · Publisure · Publisure

CVE-2019-14253

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3