Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
C-DATA Web Management System User Creation access control
Vulnerability Description
A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231801 was assigned to this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
C-DATA Web Management System 访问控制错误漏洞
Vulnerability Description
C-DATA Web Management System是中国C-DATA公司的一款 Web 管理系统。 C-DATA Web Management System 20230607及之前版本存在访问控制错误漏洞,该漏洞源于文件/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1存在问题,对参数user/newpassword的操作会导致不正确的访问控制。
CVSS Information
N/A
Vulnerability Type
N/A