Design/Logic Flaw

2018-12-2404:29:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.4%

JSON

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a “disabled registration” setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.

CPENameOperatorVersion
discuzxeq3.4.120

CPE	Name	Operator	Version
	discuzx	eq	3.4.120

References

gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI