Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passwordc parameter or (2) administrative e-mail address via the email parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Usercake 跨站请求伪造漏洞
Vulnerability Description
Usercake是一套开源的PHP用户管理系统。该系统提供用户管理、密码管理和用户信息管理等功能。 Usercake 2.0.2及之前版本的user_settings.php脚本中存在跨站请求伪造漏洞。远程攻击者可借助‘administrative’参数利用该漏洞更改管理员密码或借助‘email’参数更改管理员的电子邮件地址。
CVSS Information
N/A
Vulnerability Type
N/A