Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Brilaps mostlyce跨站请求伪造漏洞
Vulnerability Description
MOStlyCE 2.4版本之前的版本的administrator/index2.php中存在跨站请求伪造漏洞。当在Mambo 4.6.3版本及其早期版本中运行时,远程攻击者可以借助一个com_users操作中的保存任务,例如运行mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php中独立的跨站脚本攻击漏洞,劫持管理员认证权限并要求添加新的管理员帐号。
CVSS Information
N/A
Vulnerability Type
N/A