Shenzhen Sixun Business Management System Improper Authorization Vulnerability

Vulnerability

A business logic flaw has been identified in Shenzhen Sixun Business Management System versions 7 and 11. The flaw resides in the file '/Adm/OperatorStop', where authorization is improperly enforced, and it can be exploited remotely without authentication. It has been publicly disclosed, and an exploit is available.

Impact

Exploitation of this vulnerability bypasses authorization checks, allowing unauthorized access to the affected interface. This could lead to unauthorized actions such as disconnecting devices from the system.

Reproduction

To reproduce this vulnerability, log into the application using the default credentials '1001' for the username and '123456' for the password. After logging in, navigate to the '/Adm/OperatorStop' interface. The vulnerability can be exploited by accessing this page without proper authorization, which disrupts normal business operations by taking devices offline.

Remediation

It is recommended to implement proper firewall rules to restrict access to the vulnerable interface.
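
To check whether the interface is still being reached from outside an approved management network, the following added example (not from the vendor or the original advisory) scans web access logs for requests to '/Adm/OperatorStop' and reports the sources that are not on an allowlist. The combined log format, the allowlisted network and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Path named in the advisory; compared case-insensitively after normalization.
SENSITIVE_PATH = "/adm/operatorstop"
# Hypothetical management network allowed to reach the interface (assumption).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Assumed combined log format: client - user [time] "METHOD target proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Drop the query string, decode percent-escapes, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/+", "/", path).rstrip("/")
    return path.lower()

def find_unapproved_access(lines):
    """Return (ip, timestamp, method, status) for hits from outside ALLOWED_NETS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != SENSITIVE_PATH:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is not an IP address; not evaluated here
        if not any(src in net for net in ALLOWED_NETS):
            hits.append((m["ip"], m["ts"], m["method"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation address ranges, made-up methods).
SAMPLE_LOG = [
    '10.20.0.15 - - [13/Sep/2025:10:01:02 +0000] "POST /Adm/OperatorStop HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [13/Sep/2025:10:05:40 +0000] "POST /Adm/Operator%53top HTTP/1.1" 200 498 "-" "-"',
    '198.51.100.9 - - [13/Sep/2025:10:06:11 +0000] "GET /adm//operatorstop/ HTTP/1.1" 302 0 "-" "-"',
    '203.0.113.7 - - [13/Sep/2025:10:07:00 +0000] "GET /Adm/Index HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_unapproved_access(SAMPLE_LOG):
        print(hit)
```

Any hit with a 2xx status after the firewall rules are in place means the restriction is not covering that source or path variant.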

Added: Sep 13, 2025, 7:17 PM
Updated: Sep 13, 2025, 7:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.