ContiNew Admin Unverified Password Change Vulnerability

Vulnerability

A vulnerability allowing unverified password changes has been identified in ContiNew Admin versions through 3.6.0. The issue lies in an unidentified function behind the '/dev-api/system/user/1/password' endpoint, which can be manipulated to change a password without proper verification. The vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for unauthorized password changes, potentially leading to unauthorized access or privilege escalation.

Reproduction

To reproduce this vulnerability, send a request to the '/dev-api/system/user/1/password' endpoint carrying the new password; the server applies the change without performing any verification. The request can be sent remotely, and the affected account is the super-administrator.
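A defender-side detection example, added here and not part of the original advisory: it scans web-server access logs for password-change requests against the endpoint named above and raises the severity when the target is the super-administrator account (user id 1) and the server answered with success. The log lines, the combined-log-format layout and the request methods matched are constructed assumptions; adapt the regex to the format your reverse proxy actually writes.

```python
import re
from dataclasses import dataclass

# Constructed sample access-log lines (combined log format) for illustration only.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Jun/2025:19:40:01 +0000] "PATCH /dev-api/system/user/1/password HTTP/1.1" 200 57 "-" "curl/8.6.0"
198.51.100.7 - - [09/Jun/2025:19:40:03 +0000] "GET /dev-api/system/user/1 HTTP/1.1" 200 412 "-" "Mozilla/5.0"
203.0.113.5 - - [09/Jun/2025:19:40:09 +0000] "PATCH /dev-api/system/user/42/password HTTP/1.1" 200 57 "-" "curl/8.6.0"
192.0.2.9 - - [09/Jun/2025:19:41:15 +0000] "PATCH /dev-api/system/user/1/password HTTP/1.1" 401 31 "-" "python-requests/2.32"
"""

# Combined log format: ip ident user [ts] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# The endpoint from the advisory, generalised over the user id in the path.
PASSWORD_PATH_RE = re.compile(r"^/dev-api/system/user/(?P<uid>\d+)/password$")
SUPER_ADMIN_ID = 1                      # account the advisory names as affected
WRITE_METHODS = ("PUT", "PATCH", "POST")  # assumption: methods that change state


@dataclass
class Alert:
    ip: str
    ts: str
    uid: int
    status: int
    severity: str


def scan_password_changes(log_text: str) -> list[Alert]:
    """Return one Alert per password-change request seen in the log text."""
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                    # not a parseable access-log line
        p = PASSWORD_PATH_RE.match(m["path"])
        if not p or m["method"] not in WRITE_METHODS:
            continue                    # not a write to the password endpoint
        uid, status = int(p["uid"]), int(m["status"])
        succeeded = 200 <= status < 300
        if uid == SUPER_ADMIN_ID:
            severity = "critical" if succeeded else "medium"
        else:
            severity = "high" if succeeded else "low"
        alerts.append(Alert(m["ip"], m["ts"], uid, status, severity))
    return alerts


if __name__ == "__main__":
    for a in scan_password_changes(SAMPLE_LOG):
        print(f"{a.severity:8} {a.ts} {a.ip} uid={a.uid} status={a.status}")
```

A successful write to the endpoint for user 1 from an unexpected source is the event worth paging on; rejected attempts still indicate probing and belong in the same timeline.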

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

- spread: 0.0
- impact: 2.5
- exploitability: 4.6
- remediation: 0.0
- relevance: 0.0
- threat: 6.4
- urgency: 2.9
- incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.