Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
DropAFew 特权操作输入错误漏洞
Vulnerability Description
DropAFew 0.2.1之前版本没有对特定的特权操作进行权限检查,这使得远程攻击者可以(1)借助editlogcal.php文件中的id参数,查看任意用户的登录的calorie信息;(2)借助links.php,添加任意链接或(3)借助newaccount2.php,创建任意用户。
CVSS Information
N/A
Vulnerability Type
N/A