There is a login bypass in doracms 2.18 and earlier versions. When logging in, you can bypass the login user authentication by replacing the return package with the return package after a system successfully logs in.
[Vulnerability proof]
Step 1: Log in to the system through the default account doracms and record the returned package.
Step 2: Use this return package to log in to other doracms systems.
Step 3: Successfully bypassed login to enter the system.
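The report does not say why a response recorded on one installation is accepted by another. As an added example (not part of the original report and not DoraCMS code), the sketch below shows one server-side control against this class of bypass, assuming the session is carried in a signed token: each installation signs with its own secret and re-verifies the token on every request, so a token minted elsewhere fails. All function names are hypothetical.

```javascript
// Added illustration, not DoraCMS code. All names here are hypothetical.
const crypto = require('crypto');

// Each installation generates its own secret at install time (never a shipped default).
function newInstanceSecret() {
  return crypto.randomBytes(32);
}

// Mint a session token only after the server itself has verified the credentials.
function issueToken(secret, userId, ttlSeconds, now = Date.now()) {
  const claims = { uid: userId, exp: now + ttlSeconds * 1000 };
  const payload = Buffer.from(JSON.stringify(claims)).toString('base64url');
  const mac = crypto.createHmac('sha256', secret).update(payload).digest('base64url');
  return `${payload}.${mac}`;
}

// Run on every protected request: the server decides, not the login response the client saw.
function verifyToken(secret, token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = crypto.createHmac('sha256', secret).update(payload).digest();
  const given = Buffer.from(mac, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null; // expired
  return claims;
}

// Constructed demo: two installations, each with its own secret.
function demo() {
  const siteA = newInstanceSecret();
  const siteB = newInstanceSecret();
  const tokenFromA = issueToken(siteA, 'admin', 3600);
  return {
    acceptedOnA: verifyToken(siteA, tokenFromA) !== null,
    acceptedOnB: verifyToken(siteB, tokenFromA) !== null, // token carried over from another system
    expiredOnA: verifyToken(siteA, issueToken(siteA, 'admin', -1)) !== null,
  };
}
```

The same idea applies to server-side session stores: the decision to treat a request as authenticated has to come from state the server checks itself, not from the content of a login response that passes through the client.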