Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Yanick_Bourbeau Lightweight news portal身份认证绕过漏洞
Vulnerability Description
Lightweight news portal (LNP) 1.0b版本没有正确的限制对管理员功能的访问,这使得远程攻击者可以借助对admin.php的直接请求和(1)potd_delete,(2)potd,(3)vote_update,(4)vote或(5)modifynews操作,获得管理员特权。
CVSS Information
N/A
Vulnerability Type
N/A