Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IDOR make user can read e-mail log sent by other events
Vulnerability Description
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
将系统数据暴露到未授权控制的范围
Vulnerability Title
alf.io 安全漏洞
Vulnerability Description
alf.io是开源票务预订系统。 alf.io 2.0-Mr-2402之前版本存在安全漏洞。攻击者利用该漏洞可以使用特制的请求来接收其他事件发送的电子邮件日志。
CVSS Information
N/A
Vulnerability Type
N/A