Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID? What is an MSC vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Date: November 2, 2021
OverviewIn Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow it. This happens due to front-end restriction only.
DetailsIt is possible for a user to sign up with a “guest” privilege user, by browsing the signup url even after the admin disables a user to self-register themselves.
PoC DetailsLogin to the application as admin. Go to the “/settings/index” endpoint and disable the feature which allows a user to self register.
In incognito mode, browse to the sign up endpoint, and try to sign up with a user. We see that an external user is still able to create an account even when the feature is disabled by the admin.
Affected EnvironmentsPublify versions 9.0.0.pre1 to 9.2.4
PreventionUpdate to Publify version v9.2.5
Good to know:
|Attack Vector (AV):||Network|
|Attack Complexity (AC):||Low|
|Privileges Required (PR):||None|
|User Interaction (UI):||None|
|Access Vector (AV):||Network|
|Access Complexity (AC):||Low|