Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Subsonic 跨站请求伪造漏洞
Vulnerability Description
Subsonic是软件开发者Sindre Mehus开发和维护的一个媒体文件托管平台。 Subsonic 6.1.1版本中的Podcast功能存在跨站请求伪造漏洞。远程攻击者可通过向podcastReceiverAdmin.view发送‘add’参数或向networkSettings.view发送‘urlRedirectCustomUrl’参数利用该漏洞订阅博客或更新Radio Settings。
CVSS Information
N/A
Vulnerability Type
N/A