PT-2019-15764 · Jalios · Jalios Jcms

Ricardojoserf · Published 2019-11-21 · Updated 2020-08-24 · CVE-2019-19033

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Jalios JCMS version 10

Description

The issue allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account. This is achieved by using any username and a hardcoded dev password.

Recommendations

For Jalios JCMS version 10, change the hardcoded dev password to prevent unauthorized access. Consider disabling the backdoor account until a more permanent fix is available. Restrict access to the WebDAV server to minimize the risk of exploitation.

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related identifiers

CVE-2019-19033

Affected products

Jalios Jcms