Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) loggedinuser, or (5) loggedinusername cookie.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
HelpBox 登录绕过漏洞
Vulnerability Description
Layton Helpbox是一套基于Web的桌面帮助系统。 HelpBox中存在登录绕过漏洞,该漏洞源于如下cookies控制用户登录会话,修改后可以用管理员或其他用户登录。攻击者利用该漏洞将‘loggedinuserusergroup’设置为‘administrator’可获得全部权限: loggedinenduser,loggedinendusername,loggedinuserusergroup (administrator),loggedinuser,loggedinusername。Help
CVSS Information
N/A
Vulnerability Type
N/A