PT-2019-17966 · Php Scripts Mall · Php Scripts Mall Advance Peer To Peer Mlm Script

Publicado

2019-01-11

Atualizado

2020-08-24

CVE-2019-6126

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions PHP Scripts Mall Advance Peer to Peer MLM Script version 1.7.0

Description The issue allows remote attackers to bypass intended access restrictions. This can be achieved by directly navigating to "admin/dashboard.php" or "admin/user.php", resulting in the disclosure of information about users and staff.

Recommendations For PHP Scripts Mall Advance Peer to Peer MLM Script version 1.7.0, consider restricting access to the "admin/dashboard.php" and "admin/user.php" endpoints to minimize the risk of exploitation. Additionally, review and implement proper access controls to prevent unauthorized access to sensitive information.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-425

Identificadores relacionados

CVE-2019-6126

Produtos afetados

Php Scripts Mall Advance Peer To Peer Mlm Script

PT-2019-17966 · Php Scripts Mall · Php Scripts Mall Advance Peer To Peer Mlm Script

CVE-2019-6126

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3