Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH_AUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let an attacker impersonate as victim and make state changing requests on their behalf.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Vivoh Webinar Manager 授权问题漏洞
Vulnerability Description
Vivoh Webinar Manager是Vivoh团队的一个组播应用程序管理器。 Vivoh Webinar Manager 3.6.3.0 版本之前 API 存在安全漏洞,该漏洞源于API 验证不正确。当用户登录到管理配置 Web Portlet 时,会分配一个 VIVOH_AUTH cookie,以便可以唯一地识别它们。 某些 API 无需适当的身份验证即可成功执行。 这可以让攻击者冒充受害者并代表他们发出状态更改请求。
CVSS Information
N/A
Vulnerability Type
N/A