漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
b2evolution 安全特征问题漏洞
Vulnerability Description
b2evolution是一套基于PHP和MySQL的社区内容管理系统。 b2evolution 7.2.3及之前版本存在安全特征问题漏洞,该漏洞源于可以通过使用不良随机函数来预测任何用户的密码,攻击者利用该漏洞可以获取任意用户的有效会话,并可选择重置他们的密码。
CVSS Information
N/A
Vulnerability Type
N/A