{"id":8712,"date":"2025-07-22T17:44:01","date_gmt":"2025-07-22T17:44:01","guid":{"rendered":"http:\/\/localhost\/?p=8712"},"modified":"2025-07-22T17:44:01","modified_gmt":"2025-07-22T17:44:01","slug":"nodejs-version-of-the-hax-cms-application-is-distributed-with-default-secrets","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=8712","title":{"rendered":"NodeJS version of the HAX CMS application is distributed with Default Secrets"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nNodeJS version of the HAX CMS application is distributed with Default Secrets<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-22T21:34:20.201Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-22T21:34:20.201Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nhaxtheweb<\/td>\n<\/tr>\n
Product<\/th>\nissues<\/td>\n<\/tr>\n
Version<\/th>\n< 11.0.10<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n7.3 (HIGH)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nHAX CMS NodeJS versions 11.0.9 and below have hardcoded default credentials and JWT private keys, which can be exploited by attackers to gain unauthorized access and modify sites. Users are not prompted to change these credentials during installation or through the UI. This vulnerability is fixed in version 11.0.10.<\/td>\n<\/tr>\n
AI Severity<\/th>\nHigh<\/td>\n<\/tr>\n
AI Vendor<\/th>\nhaxtheweb<\/td>\n<\/tr>\n
AI Product<\/th>\nHAX CMS NodeJS<\/td>\n<\/tr>\n
AI Version<\/th>\n11.0.9 and below<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n