JIZHICMS
cpe:2.3:a:jizhicms:jizhicms:*:*:*:*:*:*:*
- <= 1.7.0
A vulnerability allowing improper authorization has been identified in JIZHICMS versions through 1.7.0. The issue resides in the Account Profile Page, specifically within the file '/user/userinfo.html'. The vulnerability is triggered by manipulating the 'jifen' argument, leading to unauthorized access or actions. This issue can be exploited remotely, and details of the exploitation are publicly available.
Exploitation of this vulnerability allows for unauthorized modification of user data, specifically the 'jifen' value on the account profile page.
To reproduce this vulnerability, send a POST request to '/user/userinfo.html' with the 'jifen' parameter set to a desired value. The response will reflect the modified 'jifen' value, demonstrating that the change was accepted without authorization.
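A server-side allow-list for the profile update, shown as an added example that is not JIZHICMS code. It assumes the handler persists posted form fields to the user record, and every field name except 'jifen' is hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: fields a member may edit, each with a validator.
// Only 'jifen' comes from the advisory; every other name is an assumption.
const EDITABLE_PROFILE_FIELDS = [
    'username'  => 'valid_text',
    'email'     => 'valid_email',
    'signature' => 'valid_text',
];

function valid_text($v): bool
{
    // Refuses arrays (e.g. a field posted as name[]) and oversized strings.
    return is_string($v) && strlen($v) <= 200;
}

function valid_email($v): bool
{
    return is_string($v) && filter_var($v, FILTER_VALIDATE_EMAIL) !== false;
}

/**
 * Split a posted profile form into fields safe to persist and keys to refuse.
 * Anything not on the allow-list (such as 'jifen') never reaches the UPDATE.
 */
function filter_profile_update(array $post): array
{
    $accepted = [];
    $rejected = [];
    foreach ($post as $key => $value) {
        $validator = EDITABLE_PROFILE_FIELDS[$key] ?? null;
        if ($validator !== null && $validator($value)) {
            $accepted[$key] = $value;
        } else {
            $rejected[] = (string) $key;
        }
    }
    return ['accepted' => $accepted, 'rejected' => $rejected];
}

// Constructed sample body, standing in for $_POST on /user/userinfo.html.
$post = ['username' => 'alice', 'email' => 'alice@example.test', 'jifen' => '999999'];
$result = filter_profile_update($post);

// Persist only $result['accepted']; log refused keys so tampering is visible.
if ($result['rejected'] !== []) {
    error_log('profile update refused fields: ' . implode(',', $result['rejected']));
}
var_dump($result);
```

Server-controlled values such as 'jifen' should only change through code paths that run their own authorization check, never through the member-facing profile form.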