TUCoPS :: HP Unsorted C :: bt-21539.htm

Cuteflow Version 2.10.3 "edituser.php" Security Bypass Vulnerability



It is possible to edit users (including the admin account) without authenticating, by requesting the following address directly:
http://localhost/cuteflow/pages/edituser.php?userid=1&language=pt&sortby=strLastName&sortdir=ASC&start=1

The vulnerability is caused due to the application not properly restricting access to the pages/edituser.php script. This can be exploited to modify a user's username and password without having proper credentials.
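The fix for a missing-authorization bug of this kind is an access check that runs before the script touches any user record. The guard below is an added illustration, not Cuteflow's own code; the session keys (`userid`, `is_admin`) and the helper names are assumptions, since the page does not describe the application's session layout.

```php
<?php
// Added example (not Cuteflow's code): an authorization guard for a page
// such as pages/edituser.php. Session keys and helper names are assumed.
session_start();

function current_user(): ?array {
    // Assumed session layout, populated at login; never taken from the request.
    if (empty($_SESSION['userid'])) {
        return null;
    }
    return ['userid'   => (int) $_SESSION['userid'],
            'is_admin' => !empty($_SESSION['is_admin'])];
}

function may_edit_user(?array $actor, int $targetId): bool {
    if ($actor === null) {
        return false;   // unauthenticated request: the case the advisory reports
    }
    // A regular user may edit only their own record; admins may edit anyone.
    return $actor['is_admin'] || $actor['userid'] === $targetId;
}

$targetId = filter_input(INPUT_GET, 'userid', FILTER_VALIDATE_INT);
if ($targetId === false || $targetId === null) {
    http_response_code(400);
    exit('invalid userid');
}

if (!may_edit_user(current_user(), $targetId)) {
    // Deny before any user data is read or written, and leave an audit trail.
    http_response_code(403);
    error_log(sprintf('edituser denied: ip=%s target userid=%d',
                      $_SERVER['REMOTE_ADDR'] ?? '-', $targetId));
    exit('forbidden');
}

// Existing edit-form and update logic runs only past this point.
```

The vulnerable state described above is simply the absence of this block: the script reaches the edit logic with nothing but the `userid` query parameter to go on.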

Hever Costa Rocha
