PT-2018-11516 · Hycus · Hycus Cms
Published 2018-06-29 · Updated 2018-08-20 · CVE-2018-12984
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Hycus CMS version 1.0.4
Description
The issue allows authentication bypass by using specific credentials, including a username and password with a value of '=' 'OR'. This can potentially allow unauthorized access to the system.
Recommendations
For Hycus CMS version 1.0.4, update the authentication mechanism to properly validate and sanitize user input to prevent bypass attempts. As a temporary workaround, consider implementing additional authentication checks to minimize the risk of exploitation.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Hycus Cms