Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html argument in the template parameter to interna/plugin.php, (2) create plugins, (3) remove plugins, (4) enable debug mode, and have other unspecified impact.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Papoo CMS 用户特权漏洞
Vulnerability Description
Papoo CMS中存在用户特权漏洞。远程认证用户可以(1)借助interna/plugin.php中的template参数的一个devtools/templates/newdump_backend.html参数访问数据库备份读取整个数据库;(2)创立plugins;(3)移动plugins;(4)能够调试方式并具有其他未明影响。
CVSS Information
N/A
Vulnerability Type
N/A