Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ABC ERP 0.6.4 Cross-Site Request Forgery via _configurar_perfil.php
Vulnerability Description
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft malicious forms or links containing parameters like usuario, contrasena1, contrasena2, nombre, and email to change admin account settings without authentication.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
ABC ERP 跨站请求伪造漏洞
Vulnerability Description
ABC ERP是ABC ERP公司的一个企业资源规划系统。 ABC ERP 0.6.4版本存在跨站请求伪造漏洞,该漏洞源于_configurar_perfil.php存在跨站请求伪造,可能导致未经身份验证修改管理员凭据。
CVSS Information
N/A
Vulnerability Type
N/A