Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HAX CMS Backend Lacks Comprehensive Authorization Checks
Vulnerability Description
HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and below of haxcms-nodejs and versions 11.0.8 and below of haxcms-php, API endpoints do not perform authorization checks when interacting with a resource. Both the JS and PHP versions of the CMS do not verify that a user has permission to interact with a resource before performing a given operation. The API endpoints within the HAX CMS application check if a user is authenticated, but don't check for authorization before performing an operation. This is fixed in versions 11.0.14 of haxcms-nodejs and 11.0.9 of haxcms-php.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
授权机制不恰当
Vulnerability Title
HAX 安全漏洞
Vulnerability Description
HAX是HAX The Web开源的一个HAX+CMS使用PHP后端管理的微型网站。 HAX存在安全漏洞,该漏洞源于API端点未执行授权检查,可能导致未经授权的资源交互。
CVSS Information
N/A
Vulnerability Type
N/A