Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Grayscale Blog 多个输入验证漏洞
Vulnerability Description
Grayscale Blog 0.8.0以及可能之前的版本允许远程攻击者借助包含修改过的自变量的直接请求,获得特权。这些自变量位于提交到add_users.php的 (1)用户许可参数和到(2)addblog.php,(3)editblog.php,(4)editlinks.php,(5)edit_users.php和(6)add_links.php的未明参数。
CVSS Information
N/A
Vulnerability Type
N/A