漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an attacker to discover sensitive information such as end-user email addresses, and their unique frame_token value of all other Ourphoto App end-users.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Shenzhen Fujia Technology OurPhoto 安全漏洞
Vulnerability Description
Shenzhen Fujia Technology OurPhoto是中国Shenzhen Fujia Technology公司的一个云相框软件。可以直接在手机上共享照片和视频文件。 Shenzhen Fujia Technology OurPhoto 1.4.1版本存在安全漏洞,该漏洞源于其/device/*端点的user_id和device_id存在不安全的直接对象引用导致其他终端用户user_id和device_id值可以通过递增或递减id编号来枚举,使得攻击者可以获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A