Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure
Vulnerability Description
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the stored password and the account's security question and answer. The exposed recovery data and encrypted password may be used to reset or take over the target account.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Naviga Global GN4 Publishing System 安全漏洞
Vulnerability Description
Naviga Global GN4 Publishing System是美国Naviga Global公司的一个内容管理与发布系统。 Naviga Global GN4 Publishing System 2.6之前版本存在安全漏洞,该漏洞源于API中存在不安全的直接对象引用,可能导致账户接管。
CVSS Information
N/A
Vulnerability Type
N/A