IDCVSSSummaryLast (major) updatePublished
CVE-2017-16935 5.0
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing
03-10-2019 - 00:03 24-11-2017 - 07:29
Back to Top Mark selected
Back to Top