CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVE-2023-53895 PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVE-2023-53895

PimpMyLog 1.7.14 is affected by an improper access control vulnerability that lets remote attackers create admin accounts via the configuration endpoint (/configuration). The unsanitized username field can be exploited to inject JavaScript, enabling a hidden backdoor and potential access to serve...

PimpMyLog 安全漏洞

PimpMyLog is an open source log file viewer and analysis tool from Potsky, France. A security vulnerability exists in PimpMyLog version 1.7.14, which stems from improper access control and could allow a remote attacker to create an administrator account and inject malicious JavaScript...

PimpMyLog v1.7.14 - Improper access control Exploit

Exploit Title: PimpMyLog v1.7.14 - Improper access control Exploit Author: thoughtfault Vendor Homepage: https://www.pimpmylog.com/ Software Link: https://github.com/potsky/PimpMyLog Version: 1.5.2-1.7.14 Tested on: Ubuntu 22.04 CVE : N/A Description: PimpMyLog suffers from improper access contro...