Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrMichaellok001015DBF52-8924-4AAD-86D7-892CB61157AF
HistoryDec 22, 2022 - 8:07 a.m.

Critical Account Takeover and Privilege Escalation

2022-12-2208:07:15
michaellok001
www.huntr.dev
8
account takeover
privilege escalation
vulnerability
change password
admin account
JSON

Description

Critical account takeover and privilege escalation vulnerability allow a low privilege user to take over admin account by using change password functionality.

In a normal user, select change password
alt text
Change the user ID to 1 as it is the admin account user ID
alt text
Admin account is taken over immediately
alt text

Related

github 1
nvd 1
osv 2
cvelist 1
cve 1
github
github
usememos/memos vulnerable to improper access control
2022-12-23 12:30:25
nvd
nvd
CVE-2022-4685
2022-12-23 12:15:10
osv
osv
usememos/memos vulnerable to improper access control in github.com/usememos/memos
2024-08-21 16:03:59
usememos/memos vulnerable to improper access control
2022-12-23 12:30:25
cvelist
cvelist
CVE-2022-4685
1976-01-01 00:00:00
cve
cve
CVE-2022-4685
2022-12-23 12:15:10
JSON
Related for 015DBF52-8924-4AAD-86D7-892CB61157AF
github1nvd1osv2cvelist1cve1