Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Precurio Intranet Portal 2.0 Cross-Site Request Forgery Add Admin
Vulnerability Description
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameters to add new admin accounts without requiring CSRF tokens or user interaction.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Precurio Intranet Portal 代码问题漏洞
Vulnerability Description
Precurio Intranet Portal是美国Precurio公司的一个文档管理门户系统。 Precurio Intranet Portal 2.0版本存在代码问题漏洞,该漏洞源于/public/admin/user/submitnew端点存在跨站请求伪造,可能导致未经身份验证创建管理员账户。
CVSS Information
N/A
Vulnerability Type
N/A