Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
web@all 跨站请求伪造漏洞
Vulnerability Description
web@all是一款内容管理系统。 web@all 2.0版本中存在多个跨站请求伪造(CSRF)漏洞。攻击者可利用这些漏洞在受影响站点上下文中不知情用户浏览器中执行任意脚本代码,窃取基于cookie认证证书,添加、删除或修改敏感信息,或执行未授权操作,也可能存在其他攻击。
CVSS Information
N/A
Vulnerability Type
N/A