CVE-2018-20423

HIGH

Discuz! DiscuzX <3.4 - Auth Bypass

Title source: llm

Description

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.

Exploits (1)

gitee 25 stars

by ComsenzDiscuz · writeup

https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI

View on gitee

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI

Scores

CVSS v3 8.1

EPSS 0.0030

EPSS Percentile 53.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

comsenz/discuzx x3.4

Published Dec 24, 2018

Tracked Since Feb 18, 2026