Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery
Vulnerability Description
The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application.
CVSS Information
N/A
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
dotCMS 跨站请求伪造漏洞
Vulnerability Description
dotCMS是美国dotCMS公司的一套内容管理系统(CMS)。该系统支持RSS订阅、博客、论坛等模块,并具有易于扩展和构建的特点。 dotCMS 3.7.1及之前版本中的管理面板存在跨站请求伪造漏洞。远程攻击者可利用该漏洞以用户权限执行操作或执行任意系统命令。
CVSS Information
N/A
Vulnerability Type
N/A