Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unverified password change vulnerability in Janto
Vulnerability Description
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
Vulnerability Type
未经验证的口令修改
Vulnerability Title
Janto Ticketing 安全漏洞
Vulnerability Description
Janto Ticketing是Janto公司的一个票务软件。 Janto Ticketing r12之前版本存在安全漏洞,该漏洞源于存在未验证的密码更改功能,允许未授权用户更改他人密码。
CVSS Information
N/A
Vulnerability Type
N/A