admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 01:31:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2019/CVE-2019-19857.md
0xMarcio 48a00929ac Removed duplicates
2024-06-18 02:51:15 +02:00

18 lines
831 B
Markdown
Raw Blame History

### [CVE-2019-19857](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19857)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS.
### POC
#### Reference
- https://websec.nl/news.php
#### Github
No PoCs found on GitHub currently.
Reference in New Issue View Git Blame Copy Permalink