Attachment Deletion Bypass in Discuz! DiscuzX X3.4 by Comsenz
CVE-2018-5259

8.8HIGH

Key Information:

Vendor: Discuz
Status: Discuzx
Vendor: CVE Published:; 8 January 2018

What is CVE-2018-5259?

The vulnerability in Discuz! DiscuzX X3.4 allows remote authenticated users to circumvent the intended restrictions on attachment deletion by manipulating the aid parameter. This flaw could lead to unauthorized information exposure or data loss, compromising the integrity of user-generated content. Users of affected versions should implement proper access controls and update to the latest versions to mitigate this risk.

References

https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IH8SA

x_refsource_MISC

http://www.whsgwl.net/text.php?textid=3

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2018
Vulnerability Reserved
Jan 7, 2018

CVE-2018-5259 Data

JSON