Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the "item_id" parameter when invoking "copy_item" on items.queries.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TeamPass 安全漏洞
Vulnerability Description
TeamPass是一款专用于Apache、MySQL和PHP中的密码管理器。 TeamPass 2.1.27.9之前的版本中存在安全漏洞,该漏洞源于程序没有正确的强制执行项目访问控制。攻击者可通过篡改请求利用该漏洞复制、编辑和删除任意项目,删除任意项目的附件,将任意项目的密码复制到复制/粘贴缓冲区,编辑任意目录的属性。
CVSS Information
N/A
Vulnerability Type
N/A