Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Shenzhen Youkate Industrial Facial Love Cloud Payment System Account SystemMng.ashx privileges management
Vulnerability Description
A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
特权管理不恰当
Vulnerability Title
Shenzhen Youkate Industrial Facial Love Cloud Payment System 安全漏洞
Vulnerability Description
Shenzhen Youkate Industrial Facial Love Cloud Payment System是中国深圳市优卡特实业有限公司(Shenzhen Youkate Industrial)公司的一个人脸爱心云支付系统。 Shenzhen Youkate Industrial Facial Love Cloud Payment System 1.0.55.0.0.1及之前版本存在安全漏洞,该漏洞源于文件/SystemMng.ashx参数operatorRole存在权限管理不当问题。
CVSS Information
N/A
Vulnerability Type
N/A