Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CloudPanel Community Edition HTTP Header users redirect
Vulnerability Description
A security vulnerability has been detected in CloudPanel Community Edition up to 2.5.1. The affected element is an unknown function of the file /admin/users of the component HTTP Header Handler. Such manipulation of the argument Referer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.5.2 is sufficient to fix this issue. Upgrading the affected component is recommended.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
CloudPanel 输入验证错误漏洞
Vulnerability Description
CloudPanel是CloudPanel开源的一款免费软件。用于配置和管理服务器。 CloudPanel 2.5.1及之前版本存在输入验证错误漏洞,该漏洞源于对组件HTTP Header Handler中文件/admin/users参数Referer的错误操作,可能导致重定向。
CVSS Information
N/A
Vulnerability Type
N/A