Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin. NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
XCloner Standalone 跨站请求伪造漏洞
Vulnerability Description
XCloner Standalone是罗马尼亚XCloner公司的一套备份和恢复软件。该软件对网站提供了备份和恢复功能。 XCloner Standalone 3.5及之前的版本中存在跨站请求伪造漏洞。远程攻击者可利用该漏洞通过向index2.php脚本发送配置任务请求,更改管理员密码或当开启enable_db_backup和sql_mem选项时,通过向index2.php脚本传递‘dbbackup_comp’参数并执行‘generate’操作,访问数据库备份功能。
CVSS Information
N/A
Vulnerability Type
N/A