Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SysReptor Susceptible to Privilege Escalation by Authenticated Users
Vulnerability Description
SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read, modify and delete pentesting projects they are not members of and are therefore not supposed to access. This issue has been patched in version 2025.83.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
特权授予不正确
Vulnerability Title
Syslifters Sysreptor 安全漏洞
Vulnerability Description
Syslifters Sysreptor是Syslifters公司的一个渗透测试报告平台。 Syslifters Sysreptor 2024.74版本至2025.83之前版本存在安全漏洞,该漏洞源于允许非特权用户分配is_project_admin权限,可能导致未经授权访问、修改和删除渗透测试项目。
CVSS Information
N/A
Vulnerability Type
N/A