Primary

Context

Jrohy Trojan Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability exists in Jrohy Trojan versions 2.0.0 through 2.15.3. The issue arises in the web application's initialization interface at '/auth/register', where improper handling of user input allows remote attackers to modify the administrator password without authorization.

Impact

Exploitation of this vulnerability allows for unauthorized modification of the administrator password, potentially leading to unauthorized administrative access.

Reproduction

To reproduce this vulnerability, send a POST request to the '/auth/register' endpoint with the desired password. The request will be processed by the 'updateUser' function, which extracts the password and updates the administrator password in the application's database.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.5

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.5

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jrohy Trojan Privilege Escalation Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating