Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Symantec LiveUpdate Administrator跨站请求伪造漏洞
Vulnerability Description
Symantec LiveUpdate Administrator是赛门铁克公司开发的实时更新管理程序。 Symantec LiveUpdate Administrator(LUA)2.3之前版本的adduser.do中存在跨站请求伪造漏洞。远程攻击者可利用此漏洞执行非授权的操作。 应用程序的管理界面允许用户通过HTTP请求执行某些操作,而不进行验证检查以验证请求,可以通过诱使管理员在登录到应用程序时查看恶意网站执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A