Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
flaskBlog arbitrary comment delete
Vulnerability Description
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post, by simply intercepting the delete request and changing the commentID. The code that causes the problem is in routes/post.py.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
FlaskBlog 安全漏洞
Vulnerability Description
FlaskBlog是Doğukan Ürker个人开发者的一个使用 Flask 构建的简单博客应用程序。 FlaskBlog 2.8.0及之前版本存在安全漏洞,该漏洞源于未验证评论所有权可能导致任意删除评论。
CVSS Information
N/A
Vulnerability Type
N/A