Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RomM Insecure Direct Object Reference (IDOR) Allows Unauthorized Access to Private Collections
Vulnerability Description
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly accessing their IDs via API. No ownership verification or checking if the collection is public/private before returning collection data. This vulnerability is fixed in 4.4.1 and 4.4.1-beta.2.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Romm 安全漏洞
Vulnerability Description
Romm是The RomM Project开源的一款美观、强大、可自托管的 ROM 管理器和播放器。 Romm 4.4.1之前版本和4.4.1-beta.2之前版本存在安全漏洞,该漏洞源于缺少所有权验证,可能导致读取其他用户的私有集合。
CVSS Information
N/A
Vulnerability Type
N/A