Vulnerability identifier: #VU60720
Vulnerability risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-254
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
JQueryForm.com
Web applications / Modules and components for CMS
Vendor:
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to a security bypass issue. A remote user can send a specially crafted request to bypass authentication and access the administrative section of other forms hosted on the same web server.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
External links
http://JQueryForm.com
http://www.nou-systems.com/cyber-security
http://gist.github.com/pb-nsi/4d0a1ede76d4e97083b3435f820bf560
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.