Vulnerabilities > CVE-2018-20423 - Unspecified vulnerability in Comsenz Discuzx X3.4

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

comsenz

NVD

Published: 2018-12-24

Updated: 2019-10-03

Summary

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.

Vulnerable Configurations

Part	Description	Count
Application	Comsenz Comsenz Discuzx X3.4	1

References

https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI