Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WoWonder Group requests.php access control
Vulnerability Description
A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
Envato WoWonder 安全漏洞
Vulnerability Description
Envato WoWonder是澳大利亚 (Envato)公司的一个应用软件。提供一个PHP社交网络脚本。 Envato WoWonder存在安全漏洞。攻击者利用该漏洞通过group_id的操作在其他组中发布消息。
CVSS Information
N/A
Vulnerability Type
N/A