Full Disclosure mailing list archives
Bagisto: Default credentials for admin interface
From: devsecweb--- via Fulldisclosure <fulldisclosure () seclists org>
Date: Sun, 30 Aug 2020 08:37:20 +0000
Vendor: Bagisto (https://bagisto.com/) Affected version: All Introduction: Bagisto is an open source shop system based on PHP and Laravel framework Vulnerability description: All Bagisto installations use a default user name ("admin () example com (mailto:admin () example com)") and password ("admin123") until it's changed manually by the shop administrator. Proof: https://github.com/bagisto/bagisto#on-local (https://github.com/bagisto/bagisto#on-local) There are installations in the wild which still uses default credentials for admin login. Solution: Change the password of the admin user in the Bagisto shop backend to a secure password. Sent with PrivateMail _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Bagisto: Default credentials for admin interface devsecweb--- via Fulldisclosure (Sep 01)