漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Snews CMS 1.7 Cross-Site Request Forgery via changeup
Vulnerability Description
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthorized access.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
sNews 跨站请求伪造漏洞
Vulnerability Description
sNews是sNews CMS个人开发者的一个基于PHP的轻量级内容管理系统。 sNews 1.7版本存在跨站请求伪造漏洞,该漏洞源于容易受到跨站请求伪造攻击,可能导致攻击者通过构造恶意HTML表单在未经身份验证的情况下更改管理员凭据。
CVSS Information
N/A
Vulnerability Type
N/A