Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ECartis LIScript任意变量查看漏洞
Vulnerability Description
Ecartis是一款邮件列表管理器。 Ecartis没有正确处理用户提供的输入,远程攻击者可以利用这个漏洞未授权获得敏感信息。 Ecartis包含的liscript支持部分变量和函数,部分地方对用户输入完全可信,允许调用部分函数或查看变量,用户提交如下的请求: subscribe secret-list subscribe <$post-password> 第一条命令会失败,但是Ecartis会选择secre-list作为活动列表,第二条命令也不成功,但是返回的邮件会包含post-password的实际密
CVSS Information
N/A
Vulnerability Type
N/A