ID CVE-2018-19110
Summary The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization check.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
refmap via4
misc https://github.com/xujeff/tianti/issues/29
Last major update 08-11-2018 - 03:29
Published 08-11-2018 - 03:29
Last modified 08-11-2018 - 03:29