CVE-2018-19109

2018-11-0808:00:00

mitre

www.cve.org

8.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.4%

JSON

tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column.

References

github.com/xujeff/tianti/issues/29