Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Yasna Yazd Discussion Forum不安全默认许可处理漏洞
Vulnerability Description
Yazd Discussion Forum的3.0 beta之前版本未正确管理论坛许可,远程认证用户(1)如果授权在任意论坛内创建消息,则可以在任意论坛内回复消息;并(2)执行某些未授权论坛操作,与向用户分配额外许可的"如何汇集许可权限的错误"有关。
CVSS Information
N/A
Vulnerability Type
N/A