Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
UliCMS 2023.1 Privilege Escalation via Unauthenticated Admin Account Creation
Vulnerability Description
UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with full system access.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
授权机制缺失
Vulnerability Title
UliCMS 安全漏洞
Vulnerability Description
UliCMS是UliCMS开源的一个内容管理系统(CMS)。该系统支持访问控制和所见即所得编辑等功能。 UliCMS 2023.1版本存在安全漏洞,该漏洞源于未经验证的攻击者可通过UserController端点创建管理员账户,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A