Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WorkforceROI XPede Unprotected Administrative Function Vulnerability
Vulnerability Description
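XPede is web-based project auditing software that runs on Microsoft Windows. XPede has a vulnerability in access to its administrative interface scripts, which can allow an attacker to obtain other users' information or take control of the project system. By default, the /admin directory has no proper ACL restrictions, so any user with a valid account can access Xpede tools such as /admin/adminproc.asp. An attacker can request the /admin/adminproc.asp script directly, without parameters, to enumerate all account information, including usernames, email addresses and full names, which allows the attacker to mount social-engineering attacks. In addition, /admin/ad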
CVSS Information
N/A
Vulnerability Type
N/A