CHT Security Red Team Discovered Vulnerability in Well-Known CMS

Summary

Vulnerability List

[CVE-2024-5514] – Hidden Functionality

Details

1. Hidden Functionality

Description

The product contains a hidden administrative account with a fixed password that cannot be removed or disabled through the management interface. This account is not visible to regular users or administrators and bypasses any IP access control restrictions. Additionally, actions taken using this account are not logged by the system, making unauthorized access difficult to detect.

Impact

An attacker can bypass IP access control restrictions and gain full administrative access, leading to potential unauthorized data access, data manipulation, or system disruption.
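The following is an added illustration, not the affected product's code: a constructed login routine that reproduces the three properties the advisory describes (an account absent from the managed user store, checked before the IP allowlist, and never written to the audit log), placed beside a hardened routine that uses a single account store, applies the IP allowlist first, and logs every attempt. All names, the allowlist and the placeholder credentials are assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets

ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # constructed admin IP allowlist
AUDIT_LOG = []                                        # constructed stand-in for the system log


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _hash(password, salt)}


# The account store that the management interface lists and administrators can edit.
USERS = {"admin": make_user("correct horse battery staple")}


def _verify(user, password, src_ip):
    # IP allowlist is evaluated before any credential check.
    ip_ok = any(ipaddress.ip_address(src_ip) in net for net in ALLOWED_NETS)
    rec = USERS.get(user)
    return ip_ok and rec is not None and hmac.compare_digest(
        rec["hash"], _hash(password, rec["salt"]))


# --- Flawed pattern, mirroring the advisory (constructed placeholder values) ---
HIDDEN_USER, HIDDEN_PASS = "svc_hidden", "fixed-secret"


def login_flawed(user, password, src_ip):
    # The hidden account short-circuits everything: not in USERS, so the UI cannot
    # remove it; returns before the IP check; returns before the audit entry.
    if user == HIDDEN_USER and password == HIDDEN_PASS:
        return True
    ok = _verify(user, password, src_ip)
    AUDIT_LOG.append((user, src_ip, ok))
    return ok


# --- Hardened pattern: one account store, allowlist first, every attempt logged ---
def login_hardened(user, password, src_ip):
    ok = _verify(user, password, src_ip)
    AUDIT_LOG.append((user, src_ip, ok))  # logged regardless of outcome
    return ok
```

Because the hardened path has no code path that skips `USERS`, `ALLOWED_NETS` or `AUDIT_LOG`, a hidden credential cannot exist in it without appearing in the managed store and in the log.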

Known Affected Software

  • CMS.

Credits

  • redblaze (CHT Security)