Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LokiCMS 'admin.php'文件绕过安全限制漏洞
Vulnerability Description
LokiCMS是一款简单易用的网络内容管理系统。 LokiCMS的admin.php文件中存在逻辑错误,如果远程攻击者在所提交的HTTP POST请求中设置了LokiACTION和其他参数的话,则无需管理权限就可以设置CMS main settings。 以下是有漏洞的代码段: # admin.php Lines:24-42 if ( isset ( $_POST ) && isset ( $_POST['LokiACTION'] ) && strlen ( trim ( $_POST['LokiACTI
CVSS Information
N/A
Vulnerability Type
N/A