Missing Authentication for Critical Function
CVE-2019-14253
Summary
An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restricted.
- LOW
- NETWORK
- NONE
- PARTIAL
- PARTIAL
- NONE
CWE-306 - Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
References
Advisory Timeline
- Published
