Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log in as another user, due to improper validation of token-user linkage. This allows remote attackers to gain unauthorized access to any user account by exploiting the password reset mechanism. The vulnerability occurs because the reset token is not correctly bound to the requesting account and is accepted for other user emails during login, enabling privilege escalation and information disclosure.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TitanSystems Zender 安全漏洞
Vulnerability Description
TitanSystems Zender是菲律宾TitanSystems公司的一款消息网关软件。 TitanSystems Zender 3.9.7版本存在安全漏洞,该漏洞源于密码重置功能中令牌与用户关联验证不当,可能导致账户接管和权限提升。
CVSS Information
N/A
Vulnerability Type
N/A