Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Easyndexer 1.0 Cross-Site Request Forgery via createuser.php
Vulnerability Description
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username, password, name, surname, and privileges set to 1 for administrator access.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Easyndexer 跨站请求伪造漏洞
Vulnerability Description
Easyndexer是rul10个人开发者的一个数据库界面软件。 Easyndexer 1.0版本存在跨站请求伪造漏洞,该漏洞源于createuser.php存在跨站请求伪造问题,可能导致未经验证的攻击者创建管理员账户。
CVSS Information
N/A
Vulnerability Type
N/A