Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CitrusDB远程认证绕过漏洞
Vulnerability Description
CitrusDB 是一个基于Web的客户关系维护和账单管理解决方案。 CitrusDB 0.3.6及更早版本会为id_hash cookie生成易于预测的用户名MD5散列,这可让远程攻击者绕过认证,并通过计算用户名与"boogaadeeboo"字符串组合的MD5校验和来获取特权,这是在$hidden_hash变量中硬编码的。
CVSS Information
N/A
Vulnerability Type
N/A