Discuzx Security Vulnerabilities and Issues — Discuzx CVE List

Lucene search

ComsenzDiscuzx

3 matches found

CVE•added 2018/12/24 4:29 a.m.•36 views

CVE-2018-20422

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be acces...

8.1CVSS8.3AI score0.00284EPSS

CVE•added 2018/12/24 4:29 a.m.•34 views

CVE-2018-20424

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php.

5.9CVSS5.8AI score0.00156EPSS

CVE•added 2018/12/24 4:29 a.m.•27 views

CVE-2018-20423

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.

8.1CVSS8AI score0.00297EPSS