CRITICAL🇵🇱 Wersja polska

CVE-2022-35147

CVSS 9.8v3.1pub. 2022-08-17upd. 2024-11-21

DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Html Js Doracms

    APP
    Html-Js
    ≤ 2.1.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-51840CRITICAL9.8PL ✓ten sam produkt

DoraCMS 2.1.8 — użycie zakodowanego na stałe klucza kryptograficznego

CVE-2023-49443CRITICAL9.8PL ✓ten sam produkt

DoraCMS – podatność na atak brute-force przez ponowne użycie kodu weryfikacyjnego

CVE-2024-28715HIGH8.8ten sam produkt

Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary ...

CVE-2020-18220HIGH7.5ten sam produkt

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as i...

CVE-2026-3794MEDIUM5.5ten sam produkt

A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the fi...