PT-2024-15536 · Deshang · Deshang Dscms
Glzjin · Published 2024-01-11 · Updated 2024-05-17
CVE-2024-0413
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
DeShang DSKMS versions up to 3.1.2
Description
A vulnerability was found in DeShang DSKMS. It affects unspecified processing in the file public/install.php. Manipulation of this file leads to improper access control. The attack can be initiated remotely. The exploit has been publicly disclosed and may be used.
Recommendations
For DeShang DSKMS versions up to 3.1.2, consider updating to a version later than 3.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the public/install.php file until a patch is available.
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Deshang Dscms