daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2021-26598.yaml

patch-1
Prince Chaddha 2022-04-04 23:57:11 +05:30 committed by GitHub
parent 1e374c7482
commit c9e108c7db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
cves/2021/CVE-2021-26598.yaml
View File

@ -6,10 +6,12 @@ info:
severity: medium
description: ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-26598
- http://karmainsecurity.com/KIS-2022-03
- https://hackerone.com/reports/1081137
tags: cve,cve2021,impresscms
- http://karmainsecurity.com/KIS-2022-03
- https://nvd.nist.gov/vuln/detail/CVE-2021-26598
metadata:
shodan-query: http.html:"ImpressCMS"
tags: cve,cve2021,impresscms,unauth,cms
requests:
- raw:
@ -32,6 +34,7 @@ requests:
words:
- 'last_login'
- 'user_regdate'
- 'uname'
condition: and
- type: status