Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor's position is that a customer can already work around this by adjusting the configuration (i.e., by not using the default configuration).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pixel&tonic Craft CMS 授权问题漏洞
Vulnerability Description
Pixel&tonic Craft CMS是美国Pixel&tonic公司的一套内容管理系统(CMS)。 Craft CMS 3.7.36版本存在安全漏洞,该漏洞源于存在密码重置中毒漏洞。攻击者利用该漏洞操纵密码重置功能。
CVSS Information
N/A
Vulnerability Type
N/A