admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-10 02:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-03-26 19:01:15 +00:00
parent f6293bb5c3
commit 8d8c630a75
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2020/10xxx/CVE-2020-10793.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the \"Select Role of the User\" page."
"value": "** DISPUTED ** CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the \"Select Role of the User\" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown website built with the CodeIgniter framework but that CodeIgniter is not responsible for introducing this issue because the framework has never provided a login screen, nor any kind of login or user management facilities beyond a Session library."
}
]
},
@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://medium.com/@vbharad/account-takeover-via-modifying-email-id-codeigniter-framework-ca30741ad297",
"url": "https://medium.com/@vbharad/account-takeover-via-modifying-email-id-codeigniter-framework-ca30741ad297"
},
{
"refsource": "MISC",
"name": "https://codeigniter4.github.io/userguide/extending/authentication.html",
"url": "https://codeigniter4.github.io/userguide/extending/authentication.html"
}
]
}