漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper Access Control in UI upgrade process
Vulnerability Description
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Mautic 安全漏洞
Vulnerability Description
Mautic是Mautic开源的一款开源的营销自动化软件。该软件能够监控管理网站、发送电子邮件并管理客户资源。 Mautic 1.1.3及之前版本存在安全漏洞,该漏洞源于执行更新过程的用户界面逻辑中,缺乏访问控制以验证是否具有执行任务的权限,可能允许攻击者未经授权访问Mautic版本号或执行部分升级过程。
CVSS Information
N/A
Vulnerability Type
N/A