CVE-2020-14015

CVE-2020-14015

An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to continue setting a password, even though no activation code was supplied, setting the password for the most recently created user in the system (the user with the highest user id).

Source: CVE-2020-14015

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다