CouchCMS
Privilege escalation in CouchCMS allows authenticated Admin-level users to create SuperAdmin accounts by manipulating the f_k_levels_list parameter during user creation requests. Attackers modify the parameter value from 4 to 10 in the HTTP POST body to bypass authorization controls and gain unrestricted application access. This authenticated attack (PR:H) enables escalation from Admin to SuperAdmin, circumventing the intended role hierarchy enforcement. Publicly available exploit code exists, lowering the exploitation barrier for actors with existing Admin credentials.
** Disputed ** An information disclosure vulnerability in CouchCMS 2.4 allows an Admin user to read arbitrary files by repeatedly traversing back up the directory tree. It can disclose source code or other confidential information if weaponized accordingly. [CVSS 6.5 MEDIUM]
CouchCMS versions up to 2.4 use hard-coded cryptographic keys in the reCAPTCHA handler configuration, allowing remote attackers to conduct information disclosure attacks against the reCAPTCHA mechanism, although attack complexity is high. The vulnerability stems from improper handling of the K_RECAPTCHA_SITE_KEY and K_RECAPTCHA_SECRET_KEY parameters in couch/config.example.php. Publicly available exploit code exists, though real-world exploitation probability remains low (EPSS 0.06%).