Improper Authentication in Bludit

#VU31048 Improper Authentication in Bludit

Published: 2019-06-05 | Updated: 2020-07-17

Vulnerability identifier: #VU31048

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-12742

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Bludit
Web applications / CMS

Vendor: Bludit

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter).

Mitigation
Install update from vendor's website.

Vulnerable software versions

Bludit: 3.9.0

External links
http://github.com/bludit/bludit/commit/a1bb333153fa8ba29a88cfba423d810f509a2b37
http://github.com/bludit/bludit/releases/tag/3.9.1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper Authentication in Bludit Bludit