Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email address if the attacker knows details of the victim such as the exact roles and group roles, ID, and remote authentication ID settings. These must be sent in a modified save API request. It was fixed in 6.3.0.03.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LabCup 授权问题漏洞
Vulnerability Description
LabCup是爱尔兰LabCup公司的一个实验室和研究机构软件管理系统。可帮助学术研究人员和安全官员进行化学品库存管理、风险评估和合规性。 LabCup 中存在授权问题漏洞,该漏洞源于可以使用 save API 为没有用户管理权限的用户执行未经授权的操作,攻击者可通过该漏洞给获得其他用户的敏感信息。以下产品及型号会受到影响:LabCup v2_next_18022之前版本。
CVSS Information
N/A
Vulnerability Type
N/A