Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient Validation in Delete Message in Ampache
Vulnerability Description
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
N/A
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Ampache 跨站请求伪造漏洞
Vulnerability Description
Ampache是Ampache开源的一款基于Web的音频/视频应用程序和文件管理器。 Ampache 7.0.1版本存在跨站请求伪造漏洞,该漏洞源于当前的令牌解析实现在用户删除消息时没有充分验证 CSRF 令牌。
CVSS Information
N/A
Vulnerability Type
N/A