2 matches found
CVE-2022-36249
Shop Beat Media Player v2.5.95–v3.2.57 is affected by a vulnerability that allows bypassing secondary authentication (2FA) at the API level. After login, an attacker can use a bearer token or jsession ID to access APIs without entering the 2FA code, specifically impacting Controlpanel Lite. Root ...
CVE-2022-36249 Shop Beat Services Vulnerable To Bypass 2FA via APIs
Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API...