2023-11-30 17:41:13
cisa-cg
PUBLISHED
Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the CmWebSearchPfp/Login.aspx?xyzldk= and payforprint_CM/Redirector.ashx?userid= parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01.