Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
QuickerSite 'asp/bs_login.asp'身份认证和访问控制漏洞
Vulnerability Description
QuickerSite 1.8.5版本中的asp/bs_login.asp没有正确的限制对管理功能的访问,这使得远程攻击者可以(1)借助cSaveAdminPW操作,更改管理员密码;(2)借助saveAdmin,修改站点信息,比如联系地址;(3)借助保存设计操作,修改站点设计。
CVSS Information
N/A
Vulnerability Type
N/A