Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Symbiote Seed Login SecurityLoginExtension.php onBeforeSecurityLogin redirect
Vulnerability Description
A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 is able to address this issue. The patch is identified as b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Symbiote Seed 输入验证错误漏洞
Vulnerability Description
Symbiote Seed是一组为 SilverStripe 网站构建奠定了坚实的基础的模块。 Symbiote Seed 6.0.3之前版本存在输入验证错误漏洞,该漏洞源于组件Login中code/extensions/SecurityLoginExtension.php文件的onBeforeSecurityLogin函数存在问题,对参数URL的操作会导致开放重定向。
CVSS Information
N/A
Vulnerability Type
N/A