Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorization logic, through which a malicious user (with no privileges) is able to perform privilege escalation to the administrator role, and steal the accounts of any users on the system.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LIVEBOX Collaboration vDesk 安全漏洞
Vulnerability Description
LIVEBOX Collaboration vDesk是LIVEBOX公司的一个应用程序。 LIVEBOX Collaboration vDesk v018之前版本存在安全漏洞,该漏洞源于存在授权逻辑缺陷,攻击者利用该漏洞可以执行权限升级到管理员角色,并窃取系统中任何用户的账户。
CVSS Information
N/A
Vulnerability Type
N/A