CVE-2021-37394

CVE-2021-37394

EPSS 1.2%

In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://gist.github.com/victomteng1997/bfa1e0e07dd22f7e0b13256eda79626f https://github.com/ralap-z/RPCMS/