Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OOP CMS BLOG 1.0 Cross-Site Request Forgery via addUser.php
Vulnerability Description
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Zsoft OOP CMS BLOG 跨站请求伪造漏洞
Vulnerability Description
Zsoft OOP CMS BLOG是孟加拉国Zsoft公司的一个内容管理系统博客程序。 Zsoft OOP CMS BLOG 1.0版本存在跨站请求伪造漏洞,该漏洞源于addUser.php存在跨站请求伪造问题,可能导致未经验证的攻击者创建管理员用户账户。
CVSS Information
N/A
Vulnerability Type
N/A