CVE-2018-20422

HIGH

Comsenz Discuzx - Authentication Bypass

Title source: rule

Description

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).

Exploits (1)

gitee 25 stars

by ComsenzDiscuz · writeup

https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI

View on gitee

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI

Scores

CVSS v3 8.1

EPSS 0.0028

EPSS Percentile 51.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (1)

comsenz/discuzx x3.4

Published Dec 24, 2018

Tracked Since Feb 18, 2026