Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Strapi 输入验证错误漏洞
Vulnerability Description
Strapi是一套开源的无头内容管理系统(CMS)。 Strapi 3.0.2之前版版本中存在安全漏洞,该漏洞源于程序没有进行任意的清理操作便把模板存储在全局变量中。远程攻击者可通过发送特制的请求利用该漏洞上传邮件模板。
CVSS Information
N/A
Vulnerability Type
N/A