CVE-2017-15052
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-15052
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_user" on users.queries.php.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
TeamPass 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TeamPass是一款专用于Apache、MySQL和PHP中的密码管理器。 TeamPass 2.1.27.9之前的版本中存在安全漏洞,该漏洞源于程序没有正确的强制执行管理员访问控制。攻击者可通过获取管理员权限,并篡改请求利用该漏洞删除任意用户(包括:管理员用户)或更改任意用户的属性(不包括:管理员用户)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2017-15052
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-15052
Please Login to view more intelligence information
- http://blog.amossys.fr/teampass-multiple-cve-01.htmlx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2017-15052
Same Patch Batch · n/a · 2017-11-27 · 32 CVEs total
| CVE-2017-8044 | Pivotal Single Sign-On for PCF 安全漏洞 | |
| CVE-2017-15275 | Samba 信息泄露漏洞 | |
| CVE-2017-14746 | Samba 安全漏洞 | |
| CVE-2015-7269 | Lenovo ThinkPad W541笔记本Seagate ST500LT015 hard disk drive安全漏洞 | |
| CVE-2015-7268 | 多款设备Samsung 850 Pro、PM851固态硬盘、Seagate ST500LT015和ST500LT025硬盘安全漏洞 | |
| CVE-2015-7267 | 多款设备Samsung 850 Pro、PM851固态硬盘、Seagate ST500LT015和ST500LT025硬盘安全漏洞 | |
| CVE-2017-16994 | Linux kernel 安全漏洞 | |
| CVE-2017-15055 | TeamPass 安全漏洞 | |
| CVE-2017-15054 | TeamPass 安全漏洞 | |
| CVE-2017-15053 | TeamPass 安全漏洞 | |
| CVE-2017-15051 | TeamPass 跨站脚本漏洞 | |
| CVE-2017-15114 | libvirtd 安全漏洞 | |
| CVE-2017-1000207 | Swagger Parser和Swagger codegen 安全漏洞 | |
| CVE-2017-1000159 | evince 操作系统命令注入漏洞 | |
| CVE-2017-1000214 | GitPHP 操作系统命令注入漏洞 | |
| CVE-2017-8045 | Pivotal Spring AMQP 安全漏洞 | |
| CVE-2017-14176 | Canonical Bazaar 安全漏洞 | |
| CVE-2017-8039 | Pivotal Spring Web Flow 安全漏洞 | |
| CVE-2017-8038 | Pivotal Cloud Foundry Credhub-release 安全漏洞 | |
| CVE-2017-8031 | Pivotal Cloud Foundry cf-release和UAA 安全漏洞 |
Showing top 20 of 32 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8224
Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of serv - CVE-2026-8223
Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send - CVE-2026-8222
Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_managem - CVE-2026-8196
JeecgBoot mLogin Endpoint LoginController.java authorization - CVE-2026-8195
JeecgBoot SVG File CommonController.java cross site scriptin
V. Comments for CVE-2017-15052
No comments yet