漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
quequnlong shiyi-blog optimize server-side request forgery
Vulnerability Description
A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
shiyi-blog 安全漏洞
Vulnerability Description
shiyi-blog是bule个人开发者的一款vue+springboot前后端分离的博客系统。 shiyi-blog 1.2.1及之前版本存在安全漏洞,该漏洞源于对参数url的错误操作导致服务端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A