Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of this file to discover details about a session.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Naviwebs Navigate CMS 安全漏洞
Vulnerability Description
Naviwebs Navigate CMS是美国Naviwebs公司的一套开源的内容管理系统(CMS)。 Naviwebs Navigate CMS 2.9 r1433中存在安全漏洞,该漏洞源于程序将会话以及相关信息(例如CSRF令牌)存储在/private/sessions的明文文件中。攻击者可借助暴力破解利用该漏洞获取会话详细信息。
CVSS Information
N/A
Vulnerability Type
N/A