Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ruifang-tech Rebuild Admin Verification Page admin-verify redirect
Vulnerability Description
A vulnerability was found in ruifang-tech Rebuild 3.8.6. It has been classified as problematic. This affects an unknown part of the file /user/admin-verify of the component Admin Verification Page. The manipulation of the argument nexturl with the input http://localhost/evil.html leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Ruifang-tech Rebuild 安全漏洞
Vulnerability Description
Ruifang-tech Rebuild是中国锐昉(Ruifang-tech)公司的一个零代码、开源免费的企业管理系统。 Ruifang-tech Rebuild 3.8.6版本存在安全漏洞。攻击者利用该漏洞通过使用输入 http://localhost/evil.html 对参数 nexturl 进行错误操作会导致开放重定向。
CVSS Information
N/A
Vulnerability Type
N/A