Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote malicious users to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
comsenz discuzx x3.4 |