Hangzhou Xiongwei Technology Development Co., Ltd. - Restaurant Digital Comprehensive Management Platform - Authentication bypass in the password reset flow allows arbitrary password reset

Vendor website (company shown in its case showcase): http://sovell.cn

Affected products and versions:

Restaurant digital comprehensive management platform

Vulnerability or problem type:

Logic flaw

CVE-2024-26520

Repair suggestion:

Validate data submitted by the front end on the backend; do not rely on client-side checks of the server response.

Case 1

In the password reset flow, enter the administrator account and the dynamic (one-time) password. Modifying the parameter in the server's response to 1 bypasses the verification step.

Modified response: code=1, msg=OK

Verification is bypassed; the new password can then be set directly.
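As an added illustration (not code from the vendor or this advisory), a minimal Python model of the reset flow: the flawed endpoint trusts that the front end only calls it after seeing code=1, while the hardened version requires a single-use, server-issued reset token that is minted only after the server itself verified the dynamic password. The in-memory stores, the 300-second lifetime and the absence of attempt limiting are assumptions made for the example.

```python
import hmac
import secrets
import time

# Constructed in-memory stores for this example; a real deployment uses a database.
OTP_STORE = {}      # account -> (otp, expires_at)
RESET_TOKENS = {}   # account -> (reset_token, expires_at)
PASSWORDS = {"admin": "old-password"}
TTL_SECONDS = 300   # assumed lifetime for both the OTP and the reset token

def issue_otp(account, now=None):
    """Generate a 6-digit dynamic password for the account (sent out-of-band in reality)."""
    now = time.time() if now is None else now
    otp = f"{secrets.randbelow(10**6):06d}"
    OTP_STORE[account] = (otp, now + TTL_SECONDS)
    return otp

def vulnerable_reset(account, new_password):
    """Flawed pattern: the server assumes the front end only calls this after it saw
    code=1 from the OTP check, so it performs no verification of its own."""
    PASSWORDS[account] = new_password
    return {"code": 1, "msg": "OK"}

def verify_otp(account, otp, now=None):
    """Server-side OTP check. On success, mint a single-use reset token bound to the
    account; this token, not the client's view of code=1, authorizes the reset."""
    now = time.time() if now is None else now
    entry = OTP_STORE.get(account)
    if entry is None or now > entry[1] or not hmac.compare_digest(
            entry[0].encode(), str(otp).encode()):
        return {"code": 0, "msg": "invalid or expired code"}
    del OTP_STORE[account]  # the OTP is single use
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[account] = (token, now + TTL_SECONDS)
    return {"code": 1, "msg": "OK", "reset_token": token}

def hardened_reset(account, reset_token, new_password, now=None):
    """Reset only when a valid, unexpired, server-issued token is presented; a client
    that merely edited the verification response to code=1 holds no such token."""
    now = time.time() if now is None else now
    entry = RESET_TOKENS.get(account)
    if entry is None or now > entry[1] or not hmac.compare_digest(
            entry[0].encode(), str(reset_token).encode()):
        return {"code": 0, "msg": "verification required"}
    del RESET_TOKENS[account]  # the token is single use
    PASSWORDS[account] = new_password
    return {"code": 1, "msg": "OK"}
```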