Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tildeslash M/Monit 跨站请求伪造漏洞
Vulnerability Description
Tildeslash M/Monit是挪威Tildeslash公司的一套基于Unix系统的监控软件。该软件可对系统状态、进程、文件、目录和设备等进行监控。 Tildeslash M/Monit 3.3.2及之前版本中存在跨站请求伪造漏洞,该漏洞源于/admin/users/update URL没有充分过滤‘fullname’和‘password’参数。远程攻击者可利用该漏洞修改用户密码。
CVSS Information
N/A
Vulnerability Type
N/A