Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or (3) create a sub user via a sub_accounts action in the home module to USERS/index.php; or (4) change profile information via an edit action in the profile module to USERS/index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
NetArt Media Car Portal 多个跨站请求伪造漏洞
Vulnerability Description
NetArt Media Car Portal是一款基于WEB的应用程序。 NetArt Media Car Portal 3.0版本中存在多个跨站请求伪造漏洞。远程攻击者利用该漏洞将发送(1)通过安全模块中的nouveau操作传送到cars/ADMIN/index.php脚本,更改任意用户密码;通过home模块中sub_accounts传送到操作USERS/index.php脚本,(2)创建用户或(3)创建子用户或(4)通过配置模块中的编辑操作传送到USERS/index.php脚本,更改个人资料信息等
CVSS Information
N/A
Vulnerability Type
N/A