White Shark System (WSS) Unauthorized Access Vulnerability (CNVD-2021-44702)

White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. Project Management", "Task Management", "Work Management" and "Work Log Management". An unauthorized access vulnerability exists in...

CVE-2020-20466

White Shark System WSS 1.3.2 is vulnerable to unauthorized access via usereditpassword.php, remote attackers can modify the password of any user...

CVE-2020-20468

White Shark System WSS 1.3.2 is vulnerable to CSRF. Attackers can use the usereditpassword.php file to modify the user password...

Default credentials

White Shark System WSS 1.3.2 is vulnerable to unauthorized access via usereditpassword.php, remote attackers can modify the password of any user...

CVE-2020-20468

White Shark System (WSS) 1.3.2 is affected by CVE-2020-20468, a CSRF vulnerability that allows an attacker to modify a user password via the file user_edit_password.php. The issue is documented in multiple sources (CNVD/CNNVD) as a Cross-Site Request Forgery vulnerability in WSS, enabling passwor...

CVE-2020-20466

White Shark System (WSS) version 1.3.2 contains an unauthenticated vulnerability in user_edit_password.php allowing remote attackers to modify passwords of arbitrary users. This CVE-2020-20466 entry is corroborated by multiple sources (Red Hat, CNVD, NVD, and other catalogs) and is described as a...

WSS is the latest version of any user of the password reset（official demo demo-the vulnerability warning-the black bar safety net

WSS latest version of the design flaws lead to arbitrary user password reset, including the administrator 文件 usereditpassword.php code area ? php $editFormAction = $SERVER'PHPSELF'; if isset$SERVER'QUERYSTRING' $editFormAction .= "?" . htmlentities$SERVER'QUERYSTRING'; $password = "-1"; if...