Incorrect Authorization

🗓️ 09 May 2023 11:15:13Reported by Veracode Vulnerability DatabaseType

veracode

veracode🔗 sca.analysiscenter.veracode.com👁 16 Views

Vulnerability in kiwitcms email parameter

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2023-30544	24 Apr 202320:19	–	circl
CNNVD	Kiwi TCMS 安全漏洞	24 Apr 202300:00	–	cnnvd
CVE	CVE-2023-30544	24 Apr 202316:26	–	cve
Cvelist	CVE-2023-30544 Kiwi TCMS may allow user to update email address to unverified one	24 Apr 202316:26	–	cvelist
EUVD	EUVD-2023-1233	3 Oct 202520:07	–	euvd
Github Security Blog	kiwi TCMS has possibility for user to update email address to unverified one	24 Apr 202316:46	–	github
NVD	CVE-2023-30544	24 Apr 202317:15	–	nvd
OSV	CVE-2023-30544 Kiwi TCMS may allow user to update email address to unverified one	24 Apr 202316:26	–	osv
OSV	GHSA-7X6Q-3V3M-CWJG kiwi TCMS has possibility for user to update email address to unverified one	24 Apr 202316:46	–	osv
Prion	Design/Logic Flaw	24 Apr 202317:15	–	prion

Vulners

Node

kiwitcms kiwitcmsRange6.2.1–12.1python

Source	Link
github	www.github.com/kiwitcms/Kiwi/commit/20c3e3fed9cfa1e39df9054ae5803d0960f72e83
kiwitcms	www.kiwitcms.org/blog/kiwi-tcms-team/2023/04/23/kiwi-tcms-122/
github	www.github.com/advisories/GHSA-7x6q-3v3m-cwjg
github	www.github.com/kiwitcms/Kiwi/security/advisories/GHSA-7x6q-3v3m-cwjg
github	www.github.com/kiwitcms/Kiwi/security/advisories/GHSA-7x6q-3v3m-cwjg
huntr	www.huntr.com/bounties/1714df73-e639-4d64-ab25-ced82dad9f85
huntr	www.huntr.dev/bounties/1714df73-e639-4d64-ab25-ced82dad9f85/
huntr	www.huntr.dev/bounties/1714df73-e639-4d64-ab25-ced82dad9f85/

04 Feb 2025 21:31Current

5Medium risk

Vulners AI Score5

CVSS 3.13.9 - 4.3

EPSS0.0015

SSVC

kiwitcms incorrect authorization email validation admin page account registration