Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OroPlatform's pinned entity creation form shows pages of other users
Vulnerability Description
OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
OroPlatform 安全漏洞
Vulnerability Description
OroPlatform是一个 PHP 业务应用程序平台 (BAP),旨在使自定义业务应用程序的开发更容易、更快。 OroPlatform存在安全漏洞,该漏洞源于允许登录用户通过pageId哈希访问其他用户固定页面的页面状态数据。受影响的产品和版本:OroPlatform 4.2.0至4.2.10版本,5.0.0至5.0.12版本,5.1.0至5.1.3版本。
CVSS Information
N/A
Vulnerability Type
N/A