LiuYuYang01 ThriveX-Blog Improper Authorization Vulnerability in Web Config API

Vulnerability

An improper authorization vulnerability has been identified in LiuYuYang01 ThriveX-Blog versions up to and including 3.1.7. The flaw is in the function 'updateJsonValueByName', reached through the '/web_config/json/name/web' API. The endpoint verifies only that the caller presents a valid token; it does not check that the caller holds the permission required to edit site configuration, so any authenticated user can modify the website configuration. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows a low-privileged but authenticated user to modify the website configuration, potentially leading to unauthorized changes to site content or settings.

Reproduction

To reproduce this vulnerability, log in as an admin user and create a new user with the 'author' role, making sure that no system permissions are granted to it. Log in as that common user and try the '/setup' route, which should be restricted for this role. Then, using the common user's token, send a PATCH request to the '/api/web_config/json/name/web' endpoint with the authorization token in the request headers. The request succeeds and modifies system settings, bypassing the authorization check that should apply to this user.
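The check below turns the reproduction steps above, and the missing-permission-check description in the Vulnerability section, into a repeatable differential test: the same PATCH is sent anonymously, as admin, and as the author user, and the verdict follows from which principals the server accepts. This is an added example, not code from ThriveX-Blog or from the advisory. Taken from the advisory: the method (PATCH), the path '/api/web_config/json/name/web', and that the token travels in a request header. Assumed for illustration: the header name 'Authorization', the JSON body shape, the environment variable names, and the in-memory 'fake_server' that stands in for the application so the script runs offline.

```python
"""Differential authorization check for the ThriveX-Blog web-config endpoint.

Added example, not ThriveX-Blog code. Known from the advisory: PATCH
/api/web_config/json/name/web, token in a request header, and an 'author'
user without system permissions must not be able to use it. Assumptions:
the header name, the JSON body, and the fake server used for the offline demo.
"""
import json
import os
import urllib.error
import urllib.request

WEB_CONFIG_PATH = "/api/web_config/json/name/web"  # endpoint named in the advisory
TOKEN_HEADER = "Authorization"                      # assumption: header carrying the token


def http_send(method, url, headers, body):
    """Real transport via urllib; returns (status, text) and never raises on 4xx/5xx."""
    req = urllib.request.Request(url, data=body.encode(), method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode(errors="replace")


def patch_web_config(base_url, token, payload, send):
    """Issue the PATCH from the advisory; token=None sends an anonymous request."""
    headers = {"Content-Type": "application/json"}
    if token is not None:
        headers[TOKEN_HEADER] = token
    return send("PATCH", base_url.rstrip("/") + WEB_CONFIG_PATH, headers, json.dumps(payload))


def allowed(status):
    return 200 <= status < 300


def check_web_config_authz(base_url, admin_token, author_token, payload, send=http_send):
    """Same request, three principals.

    anonymous -> must be rejected, otherwise the endpoint lacks authentication entirely
    admin     -> must succeed, proving the endpoint and body are right, so a later
                 rejection of the author is a policy decision and not a broken request
    author    -> success means the permission check is missing ("vulnerable"),
                 rejection means it is enforced ("fixed")
    """
    anon_status, _ = patch_web_config(base_url, None, payload, send)
    if allowed(anon_status):
        return "unauthenticated"  # worse than the advisory's finding; stop here
    admin_status, _ = patch_web_config(base_url, admin_token, payload, send)
    if not allowed(admin_status):
        return "inconclusive"  # wrong payload, expired admin token, or wrong base URL
    author_status, _ = patch_web_config(base_url, author_token, payload, send)
    return "vulnerable" if allowed(author_status) else "fixed"


def fake_server(admin_token, author_token, enforce_role):
    """Constructed stand-in for the application so the check runs offline.

    enforce_role=False mimics the advisory's behaviour (any valid token suffices);
    enforce_role=True is what a fixed server should do (admin only).
    """
    def send(method, url, headers, body):
        if method != "PATCH" or not url.endswith(WEB_CONFIG_PATH):
            return 404, "not found"
        token = headers.get(TOKEN_HEADER)
        if token not in (admin_token, author_token):
            return 401, "unauthorized"
        if enforce_role and token != admin_token:
            return 403, "forbidden"
        return 200, "updated"
    return send


if __name__ == "__main__":
    body = {"name": "web", "value": {"title": "authz-check"}}  # assumed body shape
    for enforce in (False, True):
        srv = fake_server("admin-tok", "author-tok", enforce)
        print("role check enforced:", enforce, "->",
              check_web_config_authz("http://blog.test", "admin-tok", "author-tok", body, srv))
    # Live run against a TEST instance only (a successful PATCH really changes config):
    # export THRIVEX_URL, THRIVEX_ADMIN_TOKEN and THRIVEX_AUTHOR_TOKEN, the tokens copied
    # from the browser after logging in as each user.
    if os.environ.get("THRIVEX_URL"):
        print(check_web_config_authz(os.environ["THRIVEX_URL"], os.environ["THRIVEX_ADMIN_TOKEN"],
                                     os.environ["THRIVEX_AUTHOR_TOKEN"], body))
```

The admin request is what makes a "fixed" verdict trustworthy: without it, an expired author token or a body the server rejects before its permission check would look like a fix. Replace the placeholder body with whatever the legitimate admin settings page actually sends (captured from the browser), and run only against a disposable instance, since both the admin and, on a vulnerable build, the author request modify live configuration.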

Added: Aug 19, 2025, 7:00 PM
Updated: Aug 19, 2025, 7:00 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.6
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.