Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure direct object reference (IDOR) vulnerability in H6Web
Vulnerability Description
Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the “pkrelated” parameter in the “/h6web/ha_datos_hermano.php” endpoint to refer to another user. In addition, the first request could also allow the attacker to impersonate other users. As a result, all requests made after exploitation of the IDOR vulnerability will be executed with the privileges of the impersonated user.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Anapi h6web 安全漏洞
Vulnerability Description
Anapi h6web是Anapi公司的一个管理软件。 Anapi h6web存在安全漏洞,该漏洞源于存在不安全的直接对象引用漏洞,会导致攻击者获取其他用户信息。
CVSS Information
N/A
Vulnerability Type
N/A