Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The WikiManager REST API allows any user to create wikis
Vulnerability Description
XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki, where the user could become an administrator and so performs other attacks on the farm. Note that this REST API is not bundled in XWiki Standard by default: it needs to be installed manually through the extension manager. The problem has been patched in versions 15.10.15, 16.4.6 and 16.10.0 of the REST module.
CVSS Information
N/A
Vulnerability Type
授权机制不恰当
Vulnerability Title
XWiki Platform 授权问题漏洞
Vulnerability Description
XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform 15.10.15之前版本、16.4.6之前版本和16.10.0之前版本存在授权问题漏洞,该漏洞源于WikiManager REST API可能被利用创建新wiki。
CVSS Information
N/A
Vulnerability Type
N/A