Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
demozx gf_cms JWT Authentication auth.go init hard-coded credentials
Vulnerability Description
A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.2 is able to address this issue. The patch is named be702ada7cb6fdabc02689d90b38139c827458a5. It is recommended to upgrade the affected component.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
gf_cms 信任管理问题漏洞
Vulnerability Description
gf_cms是demozx个人开发者的一个基于 GoFrameV2 的网站内容管理系统。 gf_cms 1.0版本和1.0.1版本存在信任管理问题漏洞,该漏洞源于 JWT Authentication 组件的 internal/logic/auth/auth.go 页面存在使用硬编码凭据问题。
CVSS Information
N/A
Vulnerability Type
N/A