PT-2025-51952 · Ulicms · Ulicms

Mirabbas Ağalarov · Published 2025-12-17 · Updated 2025-12-24 · CVE-2023-53914

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: UliCMS version 2023.1

Description: An authentication bypass allows unauthenticated attackers to create administrative users. This is possible through mass assignment in the UserController by sending a crafted POST request to the "index.php" endpoint. Successful exploitation grants attackers full system access. The vulnerable parameter is not explicitly mentioned.

Recommendations: Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2023-53914

Affected Products: Ulicms