漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users' password hash in a masked manner, which can be decoded by using public functions of the YII framework.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pixel&tonic Craft CMS 安全漏洞
Vulnerability Description
Pixel&tonic Craft CMS是美国Pixel&tonic公司的一套内容管理系统(CMS)。 Pixel&tonic Craft CMS 3.0.0 到 3.7.32版本存在安全漏洞,该漏洞源于公开使用反 CSRF 令牌中的电子邮件地址或用户名进行身份验证的用户的密码哈希。
CVSS Information
N/A
Vulnerability Type
N/A