漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Easyndexer 1.0 Cross-Site Request Forgery via createuser.php
Vulnerability Description
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username, password, name, surname, and privileges set to 1 for administrator access.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Easyndexer 跨站请求伪造漏洞
Vulnerability Description
Easyndexer是rul10个人开发者的一个数据库界面软件。 Easyndexer 1.0版本存在跨站请求伪造漏洞,该漏洞源于createuser.php存在跨站请求伪造问题,可能导致未经验证的攻击者创建管理员账户。
CVSS Information
N/A
Vulnerability Type
N/A