Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via certain requests to (1) admin/departments.php, (2) admin/operators.php, and other unspecified scripts. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Help Center Live Administration 多个安全绕过漏洞
Vulnerability Description
Help Center Live (hcl) 2.1.3a版本的class/auth.php中的check_logout函数发送一个对网络浏览器的直接请求,但没有在管理证书遗失的时候退出程序,远程攻击者可以借助对(1) admin/departments.php, (2) admin/operators.php, 以及其它未明脚本的特定请求,删除管理用户并具有未明影响。
CVSS Information
N/A
Vulnerability Type
N/A