PT-2019-19912 · WordPress · Wpgraphql
Simone Q
·
Publicado
2019-06-10
·
Atualizado
2024-01-22
·
CVE-2019-9879
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WPGraphQL version 0.2.3
Description
The issue allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the
registerUser mutation.Recommendations
For WPGraphQL version 0.2.3, update to a version that fixes this issue to prevent remote attackers from registering new users with admin privileges.
Exploit
Correção
Missing Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wpgraphql