Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Weblord.it MS-TopSites add-on edit.php 跨站请求伪造漏洞
Vulnerability Description
PHP-Nuke的MS TopSites add-on的edit.php中存在跨站请求伪造漏洞,不验证当前用户的uname参数匹配,这使得远程验证用户借助修改modules.php的edit操作的uname值更改任意账户属性或更改SiteTitleName字段。
CVSS Information
N/A
Vulnerability Type
N/A