CVE-2021-37394

CVE-2021-37394

EPSS 1.2%

In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://gist.github.com/victomteng1997/bfa1e0e07dd22f7e0b13256eda79626f https://github.com/ralap-z/RPCMS/