Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper regex in htaccess file
Vulnerability Description
ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
Vulnerability Type
CWE-1284
Vulnerability Title
Mautic 访问控制错误漏洞
Vulnerability Description
Mautic是一款开源的营销自动化软件。该软件能够监控管理网站、发送电子邮件并管理客户资源。 Mautic 存在访问控制错误漏洞,该漏洞源于 htaccess 文件中的正则表达式不正确。 远程攻击者可以在应用程序的根目录中执行特定的 PHP 文件。该漏洞允许远程攻击者未经授权访问其他受限功能。
CVSS Information
N/A
Vulnerability Type
N/A