Time of check to time of use vulnerability in ponzu cms
Loginsoft-Research opened this issue · 0 comments
Loginsoft-Research commented
Vulnerability Description: The Ponzu CMS is vulnerable to a TOCTTOU attack. When an admin user deletes another admin user who is logged in from another system's browser, the deleted admin user's session remains active after the deletion and he can perform any action in the web application, although his account is deleted.
Steps To Reproduce:

1. Create an admin user.
2. Log in at another system's browser.
3. Delete that user.
4. The user's session will still be active.
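As an added example (not Ponzu's own code), the kind of session handling that closes this gap, written in Go since Ponzu is a Go project: every request re-checks that the session's owner still exists (the time-of-use check), and deleting a user revokes that user's sessions so other browsers lose access immediately. `Store`, `Login`, `Authorize` and `DeleteUser` are hypothetical names; the in-memory maps are a constructed stand-in for real storage.

```go
package main

import "errors"

var ErrUnauthorized = errors.New("session does not belong to an existing user")

// Store is a constructed in-memory model of accounts and sessions; it is
// not Ponzu's own storage code.
type Store struct {
	users    map[string]bool   // username -> account exists
	sessions map[string]string // session token -> username
}

func NewStore() *Store {
	return &Store{users: map[string]bool{}, sessions: map[string]string{}}
}

func (s *Store) CreateUser(name string) { s.users[name] = true }

// Login issues a session token to an existing user (token is caller-supplied here).
func (s *Store) Login(name, token string) error {
	if !s.users[name] {
		return ErrUnauthorized
	}
	s.sessions[token] = name
	return nil
}

// Authorize is the time-of-use check: on every request the token must map to
// a user that exists now, not merely at login time. A session whose owner is
// gone is dropped and rejected, even if revocation in DeleteUser was skipped.
func (s *Store) Authorize(token string) (string, error) {
	name, ok := s.sessions[token]
	if !ok || !s.users[name] {
		delete(s.sessions, token)
		return "", ErrUnauthorized
	}
	return name, nil
}

// DeleteUser removes the account and revokes every session issued to it.
func (s *Store) DeleteUser(name string) {
	delete(s.users, name)
	for tok, owner := range s.sessions {
		if owner == name {
			delete(s.sessions, tok)
		}
	}
}
```

Wiring `Authorize` into the request path (as middleware in front of every admin handler) rather than only at login is what turns the check from time-of-check into time-of-use.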