CVE-2021-40616

Published: Jun 14, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required.

Affected (1)

Products: Thinkcmf: Thinkcmf

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Thinkcmf Thinkcmf	Version 5.1.7

Related CWEs

Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (2)

https://github.com/thinkcmf/thinkcmf/issues/722

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/thinkcmf/thinkcmf/issues/722

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.