Show filters
7 Total Results
Displaying 1-7 of 7
Sort by:
Attacker Value
Unknown
CVE-2018-20424
Disclosure Date: December 24, 2018 (last updated November 27, 2024)
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php.
0
Attacker Value
Unknown
CVE-2018-20423
Disclosure Date: December 24, 2018 (last updated November 27, 2024)
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.
0
Attacker Value
Unknown
CVE-2018-20422
Disclosure Date: December 24, 2018 (last updated November 27, 2024)
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).
0
Attacker Value
Unknown
CVE-2018-5375
Disclosure Date: January 12, 2018 (last updated November 26, 2024)
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.
0
Attacker Value
Unknown
CVE-2018-5377
Disclosure Date: January 12, 2018 (last updated November 26, 2024)
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.
0
Attacker Value
Unknown
CVE-2018-5331
Disclosure Date: January 10, 2018 (last updated November 26, 2024)
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.
0
Attacker Value
Unknown
CVE-2018-5259
Disclosure Date: January 08, 2018 (last updated November 26, 2024)
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.
0
