Fanli2012 Native-PHP-CMS Default Credentials Vulnerability in User Password Recovery Script

Vulnerability

A critical vulnerability exists in Fanli2012 native-php-cms version 1.0, specifically within the file '/fladmin/user_recoverpwd.php'. This vulnerability allows for the use of default credentials, enabling remote password resets for the administrator account. The issue arises from a logic flaw that permits the manipulation of password recovery processes, effectively bypassing authentication requirements.

Impact

Exploitation of this vulnerability allows for unauthorized password resets, granting attackers access to the administrator account.

Reproduction

To reproduce this vulnerability, import the default SQL file 'flcms.sql' into a database. After setting up the application, navigate to '/fladmin/user_recoverpwd.php'. The script can be exploited by sending a request that includes the username 'admin888'. The script will respond with a password reset, changing the password to 'admin' and allowing access to the admin account.
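For defenders, requests to the recovery script can be picked out of web server access logs. The following is an added example, not code from the advisory or from native-php-cms; it assumes the common/combined log format, and the function names and sample log lines are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Script path named in the advisory.
TARGET = "/fladmin/user_recoverpwd.php"

# Assumption: common/combined log format, as written by Apache or nginx.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)


def normalize(uri):
    """Canonicalize a request URI so encoded or padded variants still match."""
    path = unquote(urlsplit(uri).path)      # drop query string, decode %xx
    path = re.sub(r"/+", "/", path)         # collapse repeated slashes
    path = posixpath.normpath(path)         # resolve "." and ".." segments
    return path.lower()                     # some hosts serve paths case-insensitively


def find_recovery_hits(lines):
    """Return {client_ip: [(timestamp, method, status), ...]} for TARGET requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m and normalize(m["uri"]) == TARGET:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jun/2025:19:40:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [09/Jun/2025:19:41:12 +0000] "POST /fladmin/user_recoverpwd.php HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.23 - - [09/Jun/2025:19:42:30 +0000] "GET /fladmin/./User%5FRecoverPwd.php HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.23 - - [09/Jun/2025:19:43:02 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in find_recovery_hits(SAMPLE_LOG).items():
        for ts, method, status in events:
            # A 2xx/3xx status means the script was reachable and ran.
            verdict = "REVIEW" if status < 400 else "not served"
            print(f"{verdict}: {ip} {method} {TARGET} -> {status} at {ts}")
```

A hit with a 2xx status on an instance that still carries the 'admin888' account from 'flcms.sql' is a reason to rotate the administrator password and review subsequent admin logins.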

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 5.0
exploitability: 9.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.