PT-2020-19302 · Hashbrown · Hashbrown Cms
Ufo009Eo · Published 2020-01-13 · Updated 2020-01-17 · CVE-2020-6949
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
HashBrown CMS versions through 1.3.3
Description
A privilege escalation issue was found in the postUser function. This allows an editor user to change the password hash of an admin user's account or reconfigure the account.
Recommendations
For HashBrown CMS versions through 1.3.3, consider restricting access to the postUser function until a fix is available. As a temporary workaround, limit the privileges of editor users to prevent them from modifying admin accounts.
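As an added illustration of the defect class described above and of the access restriction the recommendation calls for, not code from HashBrown CMS itself: a user-update handler that never checks the caller, beside a hardened version that authorizes from the caller's stored role. The function and field names (postUserVulnerable, postUserHardened, isAdmin, password) and the in-memory store are assumptions for this example.

```javascript
// Constructed in-memory user store (sample data, not real accounts);
// a fresh Map per call keeps each run independent and avoids prototype keys.
function makeUsers() {
  return new Map([
    ['admin',  { id: 'admin',  isAdmin: true,  password: 'hash-admin' }],
    ['editor', { id: 'editor', isAdmin: false, password: 'hash-editor' }],
  ]);
}

// Fields that only an administrator may change, on any account
// (assumed name; a real CMS would also list role/scope fields here).
const ADMIN_ONLY_FIELDS = new Set(['isAdmin']);

// Vulnerable shape: the target record is overwritten without comparing the
// caller to the target, so any authenticated user can rewrite any account,
// including an admin's password hash.
function postUserVulnerable(users, callerId, targetId, changes) {
  const target = users.get(targetId);
  if (!target) return { status: 404 };
  Object.assign(target, changes);
  return { status: 200 };
}

// Hardened shape: authorize on the server from the caller's own stored role,
// never from anything the request claims about itself.
function postUserHardened(users, callerId, targetId, changes) {
  const caller = users.get(callerId);
  const target = users.get(targetId);
  if (!caller || !target) return { status: 404 };

  // Non-admins may only edit their own account.
  if (!caller.isAdmin && callerId !== targetId) return { status: 403 };

  // Non-admins may never change privilege-bearing fields, even on themselves.
  for (const field of Object.keys(changes)) {
    if (!caller.isAdmin && ADMIN_ONLY_FIELDS.has(field)) return { status: 403 };
  }

  Object.assign(target, changes);
  return { status: 200 };
}
```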
Weakness Enumeration
Improper Privilege Management
Affected Products
Hashbrown Cms