CVE-2018-19110

The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controllerusercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization check.
References
Link Resource
https://github.com/xujeff/tianti/issues/29 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:tianti_project:tianti:2.3:*:*:*:*:*:*:*

Information

Published : 2018-11-08 08:29

Updated : 2020-08-24 05:37


NVD link : CVE-2018-19110

Mitre link : CVE-2018-19110

Products Affected
No products.
CWE