Vulnerabilities > CVE-2018-20423 - Unspecified vulnerability in Comsenz Discuzx X3.4

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

comsenz

NVD

Published: 2018-12-24

Updated: 2019-10-03

Summary

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.

Vulnerable Configurations

Part	Description	Count
Application	Comsenz Comsenz Discuzx X3.4	1

References

https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI