Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unsalted passwords in fobybus/social-media-skeleton
Vulnerability Description
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
不充分的凭证保护机制
Vulnerability Title
social-media-skeleton 安全漏洞
Vulnerability Description
social-media-skeleton是fobybus个人开发者的一个使用 php、css、javascript 和 html 实现的未完成的社交媒体项目。 social-media-skeleton 1.0.5之前版本存在安全漏洞,该漏洞源于仅在客户端代码上对密码策略进行验证,导致攻击者能通过猜解密码对系统进行未授权访问。
CVSS Information
N/A
Vulnerability Type
N/A