PT-2023-11731 · Unknown · Cms-Dev/Cms
Niuzhi
·
Publicado
2023-08-11
·
Atualizado
2023-08-17
·
CVE-2020-24804
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
cms-dev/cms version 1.4.rc1
Description
The issue allows attackers to gain sensitive information via audit logs due to a plaintext password vulnerability in AddAdmin.py.
Recommendations
For version 1.4.rc1, consider disabling the AddAdmin.py script until a patch is available to prevent attackers from gaining sensitive information. Restrict access to audit logs to minimize the risk of exploitation.
Correção
Insertion into Log File
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cms-Dev/Cms