Vendor: Bagisto (https://bagisto.com/) Affected version: All Introduction: Bagisto is an open source shop system based on PHP and Laravel framework Vulnerability description: All Bagisto installations use a default user name ("[email protected] (mailto:[email protected])") and password ("admin123") until it's changed manually by the shop administrator.
Proof: https://github.com/bagisto/bagisto#on-local (https://github.com/bagisto/bagisto#on-local) There are installations in the wild which still uses default credentials for admin login. Solution: Change the password of the admin user in the Bagisto shop backend to a secure password. Sent with PrivateMail _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
