Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution
Vulnerability Description
Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the `_state` query parameter, which can result in remote code execution. The issue has been addressed in version 14.5.0. Users are advised to upgrade their software to this version or any subsequent versions that include the patch. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Orchid 代码问题漏洞
Vulnerability Description
Orchid是一个 @laravel 包,允许快速开发后台应用程序、管理/用户面板和仪表板。 Orchid 14.5.0之前版本存在代码问题漏洞,该漏洞源于存在不受信任的数据反序列化,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A