Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient data authenticity vulnerability in Janto
Vulnerability Description
Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into the ‘Xml’ parameter on the ‘/public/cgi/Gateway.php’ endpoint.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
Janto Ticketing 数据伪造问题漏洞
Vulnerability Description
Janto Ticketing是Janto公司的一个票务软件。 Janto Ticketing r12之前版本存在数据伪造问题漏洞,该漏洞源于数据真实性验证不足,允许未授权用户修改密码重置邮件内容。
CVSS Information
N/A
Vulnerability Type
N/A