Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in Mongoose's find() function. This makes it possible for attackers to perform a full takeover of the administrator account. Attackers can then use the newly gained administrative privileges to upload a custom plugin to perform remote code execution (RCE) on the server hosting the web application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Adapt Authoring Tool 安全漏洞
Vulnerability Description
Adapt Authoring Tool是Adapt Learning开源的一款免费且易于使用的电子学习创作工具。 Adapt Authoring Tool存在安全漏洞,该漏洞源于包含一个NoSQL注入漏洞。未经身份验证的攻击者通过Reset password功能可以重置用户和管理员帐户密码。
CVSS Information
N/A
Vulnerability Type
N/A