Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oxwall 跨站请求伪造漏洞
Vulnerability Description
Oxwall是Oxwall基金会的一套免费、开源的、基于PHP和MySQL的社区软件平台。该平台可通过后台管理系统来控制用户和任意内容、查看统计、管理广告等。 Oxwall 1.8之前版本中存在两个跨站请求伪造漏洞。远程攻击者可借助‘maintenance_enable’参数利用该漏洞将网站状态更改为正在维护;借助admin/pages/maintenance URI的‘maintenance_text’参数利用该漏洞实施跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A