Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mahara Sensitive Information Disclosure Vulnerability
Vulnerability Description
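Mahara versions before 1.3.6 do not properly restrict the data in responses to AJAX calls. Remote authenticated users can obtain sensitive information via requests associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php.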
CVSS Information
N/A
Vulnerability Type
N/A