Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CutePHP CuteNews 'index.php'editusers模块跨站请求伪造漏洞
Vulnerability Description
Cute News 是PHP文本 文章/新闻系统。CutePHP CuteNews 1.4.6版本和8b之前的UTF-8 CuteNews中存在跨站请求伪造漏洞,远程攻击者可以借助对index.php中的editusers模数进行增加用户操作攻击增加新用户和新管理员请求的管理员验证。
CVSS Information
N/A
Vulnerability Type
N/A