Description
A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /web_config/json/name/web. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in LiuYuYang01 ThriveX-Blog up to 3.1.7. It affects the function updateJsonValueByName of the file /web_config/json/name/web. Manipulation with unknown data can be used to exploit an improper authorization vulnerability. The attack can be launched over the network. The exploit is publicly available.
Problem types
Incorrect Privilege Assignment
Product status
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
Timeline
2025-08-19: Advisory disclosed
2025-08-19: VulDB entry created
2025-08-19: VulDB entry last update
Credits
echo0d (VulDB User)
References
vuldb.com/?id.320530 (VDB-320530 | LiuYuYang01 ThriveX-Blog web updateJsonValueByName improper authorization)
vuldb.com/?ctiid.320530 (VDB-320530 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.629873 (Submit #629873 | LiuYuYang01 https://github.com/LiuYuYang01/ThriveX-Blog <=3.1.7 Incorrect Authorization)
github.com/...uYang01_ThriveX-Blog/IncorrectAuthorization.md