Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Alkacon OpenCms 'admin-main.jsp' 安全访问漏洞
Vulnerability Description
Alkacon OpenCms 6.2.2之前版本中的system/workplace/views/admin/admin-main.jsp不限制对管理员功能的访问,远程认证用户可以通过在对admin-main.jsp的直接请求中设置适合path参数的值,来(1) 对所有用户发送广播消息(/workplace/broadcast), (2)列出所有用户(/accounts/users), (3) 添加web用户 (/accounts/webusers/new), (4) 上传数据库导入和导出文件(/dat
CVSS Information
N/A
Vulnerability Type
N/A