Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a disabled registration setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Discuzx | Comsenz | x3.4 (including) | x3.4 (including) |