Vulnerability Information
Vulnerability Title
PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint
Vulnerability Description
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account, and potentially access sensitive server-side log information and environment variables.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper Authorization
Vulnerability Title
PimpMyLog Security Vulnerability
Vulnerability Description
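PimpMyLog is an open-source log file viewer and analysis tool by Potsky of France. PimpMyLog version 1.7.14 contains a security vulnerability that stems from improper access control and may allow remote attackers to create administrator accounts and inject malicious JavaScript.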
CVSS Information
N/A
Vulnerability Type
N/A