CVE-2021-43847

Authorization Bypass in Space Invite in HumHub

CVSS 6.5 MEDIUMEPSS 1.2%CWE-285

HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

humhub · humhub

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/humhub/humhub/pull/5473 https://github.com/humhub/humhub/releases/tag/v1.10.3 https://github.com/humhub/humhub/releases/tag/v1.9.3 https://github.com/humhub/humhub/security/advisories/GHSA-f5hc-5wfr-7v74 https://huntr.dev/bounties/943dad83-f0ed-4c74-ba81-7dfce7ca0ef2/