Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-Site Request Forgery (CSRF) in flatpressblog/flatpress
Vulnerability Description
FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress CMS server to perform the desired action on behalf of the victim user. Since the request is authenticated, the server will process it as if it were initiated by the legitimate user, effectively allowing the attacker to perform unauthorized actions. This vulnerability is fixed in version 1.4.dev.
CVSS Information
N/A
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
FlatPress 跨站请求伪造漏洞
Vulnerability Description
FlatPress是FlatPress开源的一个轻量级、易于设置的平面文件博客引擎。 FlatPress存在跨站请求伪造漏洞。攻击者利用该漏洞可以启用或禁用插件。
CVSS Information
N/A
Vulnerability Type
N/A