← back
CVE-2017-16935

CVE-2017-16935

EPSS 7.7%
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account details via a users/search.json request, and then modifying the account via an editUser request.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/44050unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blogs.securiteam.com/index.php/archives/3517https://issues.ametys.org/browse/RUNTIME-2582