In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.
References
Link | Resource |
---|---|
https://cxsecurity.com/issue/WLB-2023090075 | Third Party Advisory |
https://github.com/ally-petitt/macs-cms-auth-bypass | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-09-26T00:00:00
Updated: 2023-09-26T20:22:13.232312
Reserved: 2023-09-18T00:00:00
Link: CVE-2023-43154
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-09-27T15:19:33.323
Modified: 2023-10-02T16:51:34.027
Link: CVE-2023-43154
JSON object: View
Redhat Information
No data.
CWE