Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Scriptsez.net Ez Poll Hoster 多个跨站请求伪造漏洞
Vulnerability Description
Scriptsez.net Ez Poll Hoster (EPH)中存在多个跨站请求伪造漏洞,远程攻击者可以借助对index.php的delete_poll操作攻击删除polls的任意用户的验证请求;并且(2)借助对admin.php的管理操作删除用户,或(3)对admin.php的邮件操作中给任意用户发送任意邮件攻击管理员验证请求。
CVSS Information
N/A
Vulnerability Type
N/A