Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Shock-Therapy RSMScript Cookie多个脚本身份认证绕过和HTML注入漏洞
Vulnerability Description
RSMScript 1.21版本允许远程攻击者通过把校验过的cookie设置成任意值和执行一个直接请求,来绕过身份认证和获得管理特权。该请求是对(1)delete.php,(2)edit-submit.php,(3)edit.php,(4)submit.php和(5)update.php的请求,它会绕过由verify.php执行的安全验证。
CVSS Information
N/A
Vulnerability Type
N/A