The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because maps a /skin/list request to the function skinList, and lacks an authorization check.

Source: CVE-2018-19110

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.