In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.
References
Configurations
No configuration.
History
07 Jul 2025, 19:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228 - | |
Summary |
|
05 Jul 2025, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-07-05 03:15
Updated : 2025-07-07 19:15
NVD link : CVE-2025-47227
Mitre link : CVE-2025-47227
CVE.ORG link : CVE-2025-47227
JSON object : View
Products Affected
No product.
CWE
CWE-684
Incorrect Provision of Specified Functionality