Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Orchard Core CMS - Improper Session Termination after Password Change
Vulnerability Description
In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
OrchardCMS 代码问题漏洞
Vulnerability Description
OrchardCMS是使用 ASP.NET Core 构建的开源模块化和多租户应用程序框架,以及构建在该框架之上的内容管理系统 (CMS)。 OrchardCMS 存在代码问题漏洞,该漏洞源于在“Orchard core CMS”应用程序中,版本 1.0.0-beta1-3383 到 1.0.0 容易在密码更改后会话不正确终止。当用户或管理员更改密码时,即使在更改密码后,已经登录的用户仍然可以访问应用程序。
CVSS Information
N/A
Vulnerability Type
N/A