Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
Q-Free MAXTIME Suite 安全漏洞
Vulnerability Description
Q-Free MAXTIME Suite是Q-Free公司的一个用于本地交通信号管理的软件套件。 Q-Free MAXTIME Suite 2.11.0版本及之前版本存在安全漏洞,该漏洞源于maxprofile/user-groups/routes.lua中缺少授权。攻击者利用该漏洞可以通过特制的HTTP请求创建任意用户组。
CVSS Information
N/A
Vulnerability Type
N/A