2 matches found
phpMyFAQ has an Authorization Bypass in All Admin Pages Due to Non-Terminating Permission Check
Summary AbstractAdministrationController::userHasPermission catches the ForbiddenException thrown when a user lacks a specific permission, sends a "forbidden" HTML page via $response-send, but does not terminate execution. The calling controller method continues to execute, fetches protected data...
h1-ctf: [h1-415 2020] Multiple chained vulnerabilities lead to leaking secret document
Hi! Summary Multiple chained vulnerabilities lead to leaking secret documents. Improper sanitization in registration allows an attacker to create a QR recover code for any email address. This leads to an account takeover. Using that technique on jobert's account, attacker can access the support...