Type confusion

2023-09-2715:19:00

PRIOn knowledge base

www.prio-n.com

macrob7

cms

type confusion

authentication bypass

administrator account

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in “isValidLogin()” function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.

CPENameOperatorVersion
macs_cmseq1.1.4102

CPE	Name	Operator	Version
	macs_cms	eq	1.1.4102

References

cxsecurity.com/issue/WLB-2023090075

github.com/ally-petitt/macs-cms-auth-bypass