WCMS Improper Authentication Vulnerability in Login Component

Vulnerability

A critical vulnerability has been identified in WCMS versions prior to 8.3.11. The issue arises in the Login component, specifically within the function getMemberByUid, located in the file /index.php?articleadmin/getallcon. The vulnerability allows for improper authentication by manipulating the uid argument. This remote attack has a high complexity and appears to be challenging to exploit.

Impact

Exploitation of this vulnerability leads to improper authentication, allowing unauthorized access or actions within the application.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WCMS Improper Authentication Vulnerability in Login Component

Vulnerability

Impact

Affected Products

WCMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating