Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location.
References
Link | Resource |
---|---|
https://github.com/lizhipay/faka/issues/22 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
01 Mar 2023, 14:12
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-276 | |
First Time |
Lizhifaka Project
Lizhifaka Project lizhifaka |
|
References | (MISC) https://github.com/lizhipay/faka/issues/22 - Exploit, Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:lizhifaka_project:lizhifaka:2.2.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
17 Feb 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-17 18:15
Updated : 2023-12-10 14:48
NVD link : CVE-2021-34164
Mitre link : CVE-2021-34164
CVE.ORG link : CVE-2021-34164
JSON object : View
Products Affected
lizhifaka_project
- lizhifaka
CWE
CWE-276
Incorrect Default Permissions