Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MRCGIGUY The Ticket System "admin.php" 权限许可漏洞
Vulnerability Description
MRCGIGUY The Ticket System 2.0版本的admin.php没有适当地限制访问权,远程攻击者(1)可以借助editconfig操作获得敏感配置信息,或(2)可以借助editop操作中的id参数,改变管理员密码。
CVSS Information
N/A
Vulnerability Type
N/A