Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OneNav API improper authentication
Vulnerability Description
A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
认证机制不恰当
Vulnerability Title
OneNav 授权问题漏洞
Vulnerability Description
OneNav是使用PHP开发的简约导航/书签管理系统。 OneNav 0.9.33版本及之前版本存在授权问题漏洞,该漏洞源于对参数 X-Token 的错误操作会导致身份验证不正确。
CVSS Information
N/A
Vulnerability Type
N/A