An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/163263/Monitorr-1.7.6m-Bypass-Information-Disclosure-Shell-Upload.html | Exploit Third Party Advisory VDB Entry |
https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/ | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/48981 | Exploit Third Party Advisory VDB Entry |
Configurations
History
26 Jan 2024, 16:46
Type | Values Removed | Values Added |
---|---|---|
First Time |
Monitorr
Monitorr monitorr |
|
CPE | cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:* |
07 Oct 2022, 02:56
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Apr 2021, 02:12
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:monitorr_project:monitorr:1.7.6m:*:*:*:*:*:*:* | |
CWE | CWE-863 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References | (MISC) https://www.exploit-db.com/exploits/48981 - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/ - Exploit, Third Party Advisory |
12 Apr 2021, 14:57
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-12 14:15
Updated : 2024-01-26 16:46
NVD link : CVE-2020-28872
Mitre link : CVE-2020-28872
CVE.ORG link : CVE-2020-28872
JSON object : View
Products Affected
monitorr
- monitorr
CWE
CWE-863
Incorrect Authorization