Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHPGraphy Index.PHP 未授权访问漏洞
Vulnerability Description
phpGraphy 0.9.11及早期版本允许远程攻击者借助于对index.php(其editwelcome参数设置为1)的直接请求绕过认证和获取管理员权限。这样就可以修改main页面,从而注入任意HTML和web脚本。注:跨站脚本攻击是由此问题引起的,因为正常的功能允许管理员修改页面。
CVSS Information
N/A
Vulnerability Type
N/A