Description

Appweb before 7.0.3 has a logic flaw. An attacker can bypass the webserver's authentication with a specially crafted HTTP request.

Remediation

Upgrade to the latest version of AppWeb

References

AppWeb Authentication Bypass

Related Vulnerabilities

WordPress Plugin WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster Security Bypass (1.1.4.5)

Oracle Business Intelligence AuthBypass CVE-2019-2768

WordPress Plugin Easy Social Feed-Social Photos Gallery-Post Feed-Like Box Security Bypass (6.3.3)

WordPress Plugin Login No Captcha reCAPTCHA Security Bypass (1.6.11)

WordPress Plugin Related Posts Lite Security Bypass (1.1)

Severity

High

Classification

CWE-287 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass