ELOG User Profile Missing Authorization Vulnerability

Vulnerability

A vulnerability exists in ELOG that allows authenticated users to alter another user's profile. This includes changing the user's email address, which can then be used to request a password reset and gain control of the account. By default, ELOG does not permit self-registration, so the attacker needs an existing account on the instance.

Impact

Exploitation of this vulnerability could lead to unauthorized account access by allowing an attacker to change a user's email and reset their password.

Reproduction

To reproduce this vulnerability, an authenticated user must access the profile management feature of ELOG. Once there, the user can select another user's profile and make unauthorized changes, such as altering the email address. After the change is made, the user can request a password reset for the target account, effectively taking control of it.

Remediation

No fix is currently available for this vulnerability.
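As an illustration of the missing check, not ELOG's own code and not a patch for it, the following C snippet models a profile-edit request with hypothetical types and shows the vulnerable decision beside a hardened one: only the profile owner or an administrator may edit a profile, and an email change by the owner additionally requires the current password, since the email address gates the password-reset flow.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical model of a profile-edit request (assumed, not ELOG's types). */
typedef struct {
    const char *actor;          /* authenticated user submitting the form */
    bool        actor_is_admin; /* actor is in the configured admin list   */
    const char *target;         /* user whose profile the form names        */
    bool        email_changed;  /* form alters the target's e-mail address  */
    bool        password_ok;    /* actor re-entered their current password  */
} profile_edit_t;

/* Vulnerable shape: being logged in is the only requirement,
 * so any authenticated user can rewrite any other user's profile. */
bool profile_edit_allowed_vulnerable(const profile_edit_t *r) {
    return r->actor != NULL;
}

/* Hardened shape: the target must be the actor or the actor must be an
 * admin (the missing authorization check), and an e-mail change on one's
 * own profile requires re-authentication to protect the reset path. */
bool profile_edit_allowed(const profile_edit_t *r) {
    if (r->actor == NULL || r->target == NULL)
        return false;
    bool self = strcmp(r->actor, r->target) == 0;
    if (!self && !r->actor_is_admin)
        return false;                       /* cross-user edit denied */
    if (self && r->email_changed && !r->password_ok)
        return false;                       /* re-auth for e-mail change */
    return true;
}
```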

Added: Oct 31, 2025, 7:19 PM
Updated: Oct 31, 2025, 7:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.3
remediation: 8.3
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.