Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sourcetreesolutions mojoPortal跨站请求伪造漏洞
Vulnerability Description
mojoPortal是美国程序员Joe Audette所研发的一套开源的、面向对象的网站架构(WSF)和内容管理系统(CMS),它提供事件日历、相册、文件管理器等。 mojoPortal 2.3.4.3和2.3.5.1版本中的文件管理服务(Services/FileService.ashx)中存在跨站脚本请求伪造漏洞。远程攻击者可以劫持请求重命名任意文件的管理员认证。该漏洞体现在引起user.conifg文件被移动,从而导致拒绝服务(服务停止)或者可能暴露敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A