Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
All Craft CMS versions between 3.0.0 and 3.7.32 disclose, in anti-CSRF tokens, the password hashes of users who authenticate using their email address or username. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and an HTML hidden field called CRAFT_CSRF_TOKEN to prevent cross-site request forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash without encoding it, whereas the corresponding HTML hidden field discloses the user's password hash in a masked form, which can be decoded using public functions of the Yii framework.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pixel&tonic Craft CMS Security Vulnerability
Vulnerability Description
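Pixel&tonic Craft CMS is a content management system (CMS) from Pixel&tonic, a US company. Pixel&tonic Craft CMS versions 3.0.0 through 3.7.32 contain a security vulnerability that stems from disclosing, in anti-CSRF tokens, the password hashes of users who authenticate using their email address or username.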
CVSS Information
N/A
Vulnerability Type
N/A