Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
facileManager Privilege Escalation via Mass Assignment
Vulnerability Description
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can arbitrarily set their permissions and grant their non-admin accounts with super user privileges.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
facileManager 安全漏洞
Vulnerability Description
facileManager是facileManager公司的一套模块化的 Web 应用程序。 facileManager 4.5.0版本及之前版本存在安全漏洞,该漏洞源于权限管理不当。
CVSS Information
N/A
Vulnerability Type
N/A