Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing lower-privileged accounts, or invite a new lower-privileged account and escalate its privileges. While manipulating this request, the Power User can also change the target account's password, effectively taking full control of it.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Terminalfour 安全漏洞
Vulnerability Description
Terminalfour是美国Terminalfour公司的一个面向高等教育的数字营销和网络内容管理平台。 Terminalfour 8版本至8.4.1.1版本存在安全漏洞,该漏洞源于userLevel参数授权检查不足,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A