Primary

Context

Quequnlong Shiyi-Blog Improper Authentication Vulnerability in Administrator Backend

Vulnerability

A critical vulnerability allowing improper authentication has been identified in Quequnlong Shiyi-Blog versions through 1.2.1. The issue resides in the Administrator Backend, specifically within the '/api/sys/user/verifyPassword/' endpoint. This vulnerability can be exploited remotely, bypassing password verification and potentially allowing unauthorized access to the admin interface.

Impact

Exploitation of this vulnerability allows attackers to bypass authentication and access the administrator backend, undermining the application's access control mechanisms.

Reproduction

To reproduce this vulnerability, send a GET request to the '/api/sys/user/verifyPassword/' endpoint with a password parameter. The response will indicate a successful authentication bypass, allowing access to the admin backend.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Quequnlong Shiyi-Blog Improper Authentication Vulnerability in Administrator Backend

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating