An attacker can log in to the admin account by using the following request: This can be fixed by updating the application code.

An attacker can view the admin password by sending a request like the following: This can be fixed by updating the application code.

An attacker can change the password by sending a request like the following: This can be fixed by updating the application code.

An attacker can delete the admin account by sending a request like the following: This can be fixed by updating the application code.

An attacker can create new admin accounts by sending a request like the following: This can be fixed by updating the application code.

An attacker can change the password of the admin account by sending a request like the following: This can be fixed by updating the application code.

An attacker can upload files to the server by sending a request like the following: This can be fixed by updating the application code.

Anonymous Login

Anonymous login is available in this application. An attacker can log in to the admin account anonymously by sending a request like the following: This can be fixed by updating the application code.

Timeline

Published on: 10/17/2022 14:15:00 UTC
Last modified on: 10/19/2022 15:05:00 UTC
