Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach files to messages via unknown vectors. NOTE: these issues can be leveraged with other vulnerabilities to create remote attack vectors that do not require authentication.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Collabtive 跨站请求伪造漏洞
Vulnerability Description
Collabtive 0.4.8中存在多个跨站请求伪造漏洞。远程攻击者劫持管理员权限为了发送 for requests that (1) 提交或编辑一个新程序, 或 (2) 向一个程序上传文件, 或 (3) 通过未明向量在信息中添加附件的请求。注意:该漏洞可能与别的漏洞结合而产生不需要权限的远程攻击向量。
CVSS Information
N/A
Vulnerability Type
N/A