漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Strapi 授权问题漏洞
Vulnerability Description
Strapi是一套开源的无头内容管理系统(CMS)。 Strapi 3.6.0版本及之前版本存在安全漏洞,该漏洞允许获得有效会话访问权的攻击者通过更改密码来接管帐户。
CVSS Information
N/A
Vulnerability Type
N/A