A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XHtml Js Doracms
APPHtml-Jswszystkie wersje
Powiązane podatności
DoraCMS 2.1.8 — użycie zakodowanego na stałe klucza kryptograficznego
DoraCMS – podatność na atak brute-force przez ponowne użycie kodu weryfikacyjnego
DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.
Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary ...
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as i...