Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
eZ publish 敏感信息泄露漏洞
Vulnerability Description
eZ publish 3.5的3.5.7之前版本、3.6的3.6.5之前的版本、3.7 的3.7.3之前版本和3.8的20051110之前版本中管理界面未能正确处理授权错误, 远程攻击者可以通过带有(1)"url之后的任意内容" 或(2)一个"错误url"的请求获取敏感信息并查看到管理员页面布局和相关模板。
CVSS Information
N/A
Vulnerability Type
N/A