Description

Appweb before 7.0.3 has a logic flaw. An attacker can bypass the webserver's authentication with a specially crafted HTTP request.

Remediation

Upgrade to the latest version of AppWeb

References

AppWeb Authentication Bypass

Related Vulnerabilities

WordPress Plugin Drop Shadow Boxes Security Bypass (1.7.1)

WordPress Plugin Age Gate Security Bypass (2.17.0)

WordPress Plugin Advanced Custom Fields:reCAPTCHA Field Security Bypass (1.1.1)

WordPress Plugin WP Migrate DB Security Bypass (0.6)

WordPress Plugin GDPR Cookie Consent Security Bypass (1.8.2)

Severity

High

Classification

CWE-287 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass