Privilege Escalation

2018-12-2606:27:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.002

Percentile

51.6%

JSON

craftcms/cms is vulnerable to privilege escalation. The vulnerability exists because it does not validate the original user’s password and expects impersonated user’s password.

References

github.com/craftcms/cms/blob/master/CHANGELOG-v3.md

github.com/craftcms/cms/commit/4a6a90d000667ef6581790504d8a0c5c172c1531

github.com/craftcms/cms/issues/3487

github.com/phuctam/Server-Side-Template-Injection-in-CraftCMS-/issues/1

EPSS

0.002

Percentile

51.6%

JSON

Related for VERACODE:8077