4 matches found
Server side request forgery (ssrf)
CuteFlow 2.10.3 and 2.11.0c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request...
Cuteflow 2.10.3 - edituser.php Security Bypass
Cuteflow 2.10.3 - edituser.php Security Bypass It's possible edit the users including the admin account, bypassing the authentication through the address: http://localhost/cuteflow/pages/edituser.php?userid=1&language=pt&sortby=st rLastName&sortdir=ASC&start=1 The vulnerability is caused due to t...
Cuteflow 2.10.3 edituser.php Security Bypass Vulnerability
No description provided by source. It's possible edit the users including the admin account, bypassing the authentication through the address: http://localhost/cuteflow/pages/edituser.php?userid=1&language=pt&sortby=st rLastName&sortdir=ASC&start=1 The vulnerability is caused due to the applicati...
Cuteflow 2.10.3 - 'edituser.php' Security Bypass
It's possible edit the users including the admin account, bypassing the authentication through the address: http://localhost/cuteflow/pages/edituser.php?userid=1&language=pt&sortby=st rLastName&sortdir=ASC&start=1 The vulnerability is caused due to the application not properly restricting access ...