There is login bypass in doracms

There is login bypass in doracms2.18 and earlier versions. When logging in, you can bypass the login user authentication by replacing the return package with the return package after a system successfully logs in.
[Vulnerability proof]
Step 1:Log in to the system through the default account doracms and record the returned package.
![image](https://user-images.githubusercontent.com/71998676/176827502-02d609e6-684e-47ad-afe4-a29785b770c9.png)
Step 2:Use this return package to log in to other doracms systems.
![image](https://user-images.githubusercontent.com/71998676/176828689-372d7993-f802-4d7f-a21a-80436a3da148.png)
![image](https://user-images.githubusercontent.com/71998676/176828728-da1878f1-a59b-4902-968a-9af2fe363fff.png)
Step 3:Successfully bypassed login to enter the system.
![image](https://user-images.githubusercontent.com/71998676/176828974-63622a26-4497-4f6c-bf24-a0e502ab4a4b.png)




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There is login bypass in doracms #256

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

There is login bypass in doracms #256

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions