Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Transmission of Private Resources into a New Sphere ('Resource Leak') and Exposure of Resource to Wrong Sphere in Crafter Search
Vulnerability Description
Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
将私有的资源传输到一个新的空间(资源泄露)
Vulnerability Title
Crafter CMS 安全漏洞
Vulnerability Description
Crafter CMS是一套面向数字体验应用程序的开源内容管理系统(CMS)。 Crafter CMS 3.1到3.1.15版本存在安全漏洞,该漏洞源于软件存在资源泄漏,将私有资源传递到新领域。在Crafter Search中将资源暴露到错误的领域。这允许未经身份验证的远程攻击者可利用该漏洞创建、查看和删除搜索索引。
CVSS Information
N/A
Vulnerability Type
N/A