In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.
References
Link | Resource |
---|---|
https://gist.github.com/victomteng1997/bfa1e0e07dd22f7e0b13256eda79626f | Exploit Third Party Advisory |
https://github.com/ralap-z/RPCMS/ | Product |
Configurations
History
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
06 Aug 2021, 16:11
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 8.8 |
CPE | cpe:2.3:a:rpcms:rpcms:*:*:*:*:*:*:*:* | |
References | (MISC) https://gist.github.com/victomteng1997/bfa1e0e07dd22f7e0b13256eda79626f - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/ralap-z/RPCMS/ - Product |
26 Jul 2021, 18:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-26 18:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-37394
Mitre link : CVE-2021-37394
CVE.ORG link : CVE-2021-37394
JSON object : View
Products Affected
rpcms
- rpcms
CWE