CVE-2026-5248
MEDIUM
5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
6,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
MEDIUM
6,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
913
Improper Control of Dynamically-Managed Code Resources
IncompleteCommon Consequences
Security Scopes Affected:
Integrity
Other
Potential Impacts:
Execute Unauthorized Code Or Commands
Varies By Context
Alter Execution Logic
Applicable Platforms
Languages:
Interpreted, Not Language-Specific
915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
IncompleteCommon Consequences
Security Scopes Affected:
Integrity
Other
Potential Impacts:
Modify Application Data
Execute Unauthorized Code Or Commands
Varies By Context
Alter Execution Logic
Applicable Platforms
Languages:
ASP.NET, Not Language-Specific, PHP, Python, Ruby
https://thinhneee.github.io/posts/gougu-mass-assign/
https://vuldb.com/submit/780589
https://vuldb.com/vuln/354429
https://vuldb.com/vuln/354429/cti