Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mahara信息泄露漏洞
Vulnerability Description
Catalyst Mahara是新西兰Catalyst IT公司的一套社交网络系统。该系统包含博客、履历表生成器、文件管理器等。 Mahara 1.3.6之前版本不能正确处理wwwroot配置设置中的https URL。用户协助的远程攻击者更容易在http URL被用于登录的同时通过嗅探网络,获得证书。
CVSS Information
N/A
Vulnerability Type
N/A