tagDiv Composer Broken Authentication Vulnerability

Vulnerability Information

Vulnerability name: tagDiv Composer Broken Authentication Vulnerability

Vulnerability ID:

  • CVE: CVE-2022-3477

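Vulnerability type: Authorization bypass

Severity: Critical

Vulnerability description:

Affected product

tagDiv Composer is a WordPress plugin widely used with the Newspaper and Newsmag themes, where it provides rich layout and design features. Because it is easy to use and powerful, many WordPress sites have adopted it, particularly news and magazine sites.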

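Vulnerability details

This is an authorization-bypass vulnerability: tagDiv Composer before 3.5, along with the Newspaper theme before 12.1 and the Newsmag theme before 5.2.2, has a flawed Facebook login implementation. An unauthenticated attacker who knows a user's email address can log in as that user. The root cause is improperly implemented authentication logic, which leaves the system unable to correctly verify the user's identity.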

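Impact analysis

This vulnerability carries very high security risk and is rated Critical. An attacker can use it to bypass the normal authentication flow and gain administrative access to the site or access to other user accounts, which may lead to data disclosure, tampering with site content or other malicious actions. Because the attacker needs only the target user's email address and no authentication of any kind, the bar for exploitation is very low and the potential impact is broad. The vulnerability may also be exploited by automated tools, which further increases its danger.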
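For triaging an inventory against the version boundaries stated above, the following added example (not code from the advisory, tagDiv or the nuclei-templates project) reads the standard WordPress file header of a plugin or theme and compares its version with the first fixed release. It assumes the `Plugin Name` / `Theme Name` header values match the product names used on this page; the sample headers are constructed.

```python
import re

# First fixed releases, taken from the advisory text above.
FIXED = {"tagdiv composer": (3, 5), "newspaper": (12, 1), "newsmag": (5, 2, 2)}

# WordPress reads "Key: value" lines from the comment header of a plugin's
# main PHP file or a theme's style.css.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Theme Name|Version)[ \t]*:[ \t]*(.+)$", re.I | re.M)

# Constructed sample headers (not copied from the real products).
SAMPLE_THEME = "/*\nTheme Name: Newsmag\nVersion: 5.2.1\n*/\n"
SAMPLE_PLUGIN = "<?php\n/*\n * Plugin Name: tagDiv Composer\r\n * Version: 3.5\r\n */\n"

def parse_header(text):
    """Return (name, version) from a plugin or theme header; None if missing."""
    fields = {}
    for key, value in HEADER_RE.findall(text[:8192]):  # WordPress scans the first 8 KB
        fields.setdefault(key.lower(), value.strip())
    return fields.get("plugin name") or fields.get("theme name"), fields.get("version")

def version_tuple(version):
    """'5.2.2' -> (5, 2, 2); reads the leading digits of each dotted part."""
    parts = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece.strip())
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)

def is_affected(name, version):
    """True/False for a product named on this page, None if it cannot be decided."""
    fixed = FIXED.get((name or "").strip().lower())
    have = version_tuple(version or "")
    if fixed is None or not have:
        return None
    width = max(len(have), len(fixed))
    # Pad with zeros so that 12 compares as 12.0 and 5.2 as 5.2.0.
    return have + (0,) * (width - len(have)) < fixed + (0,) * (width - len(fixed))

if __name__ == "__main__":
    for sample in (SAMPLE_THEME, SAMPLE_PLUGIN):
        name, version = parse_header(sample)
        print(name, version, "affected:", is_affected(name, version))
```

A `None` result means the header could not be matched to a product on this page and needs manual review.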

Vendor: tagDiv

Product name: tagDiv Composer

Affected versions: version < 3.5

Source: https://github.com/projectdiscovery/nuclei-templates/issues/12752

Type: projectdiscovery/nuclei-templates:github issues

Source summary

Description:

tagDiv Composer WordPress plugin before 3.5, used by Newspaper theme before 12.1 and Newsmag theme before 5.2.2, contains a broken authentication caused by improper Facebook login implementation, letting unauthenticated attackers log in as any user by knowing their email address.

Severity: Critical
POC:

KEV: True

Shodan Query: NA

Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data (-debug) along with the template to help the triage team with validation, or can also share a vulnerable environment like a Docker file.

Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.

You can check the FAQ for the Nuclei Templates Community Rewards Program here.


Author: lianccc
Published: July 30, 2025