ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XElog Project Elog
APPElog Project≤ 3.1.5-20251014
Powiązane podatności
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of servic...
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context ...
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated ...
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remot...
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereferenc...