Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users (including administrators) from the database.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Serpico 安全漏洞
Vulnerability Description
Serpico是Serpico项目的一款渗透测试报告生成和协作工具。 Serpico 1.3.3之前版本中存在安全漏洞,该漏洞源于已认证的非管理员用户可以请求/admin/attacments_backup端点。攻击者可利用该漏洞检索数据库中所有用户(包括管理员)的所有附件。
CVSS Information
N/A
Vulnerability Type
N/A