Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password reset codes, attacker is able to change administrator password. This attack appear to be exploitable via Unauthenticated network connectivity. This vulnerability appears to have been fixed in After commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- release version 0.9.8-19.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Vesta CP 信息泄露漏洞
Vulnerability Description
Vesta CP是一款开源的主机控制面板。 Vesta CP 0.9.8-18之前版本(commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0之前版本)中的web/reset/index.php文件存在信息泄露漏洞。攻击者可利用该漏洞修改管理员密码。
CVSS Information
N/A
Vulnerability Type
N/A