Vulnerabilities > CVE-2019-11332 - Unspecified vulnerability in Mkcms Project Mkcms 5.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
mkcms-project
Summary
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |