Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Geeklog新用户默认管理权限漏洞
Vulnerability Description
Geeklog是德国软件开发者Dirk Haun所研发的一套开源的门户、内容管理、博客系统。该系统支持创建新闻系统或在线社区,可管理用户、张贴文章等。 Geeklog 1.3版本中存在配置错误可以允许非特权,一般用户登陆到服务获得管理员权限。 由Geeklog建立的第一新用户帐户其属于GroupAdmin/UserAdmin,可以导致第一个用户有管理员的权限,可以完全控制整个Geeklog系统。
CVSS Information
N/A
Vulnerability Type
N/A