Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Flyspeck CMS 'index.php'认证及访问控制漏洞
Vulnerability Description
Flyspeck CMS是简单易用的网站编辑系统。 Flyspeck CMS 6.8版本的index.php没有要求对updateExistingContent操作的管理认证权限,这会允许远程攻击者可以借助(1)users[fullname],(2)users[email],(3)users[role_id],(4)users[username],以及(5)users[password]参数,创建或更改管理账户。
CVSS Information
N/A
Vulnerability Type
N/A