Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure Direct Object Reference (IDOR) Allows Unauthorized Deletion of User Collections
Vulnerability Description
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DELETE request to the collection endpoint. No ownership verification is performed before deleting collections. This vulnerability is fixed in 4.4.1 and 4.4.1-beta.2.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Romm 安全漏洞
Vulnerability Description
Romm是The RomM Project开源的一款美观、强大、可自托管的 ROM 管理器和播放器。 Romm 4.4.1之前版本和4.4.1-beta.2之前版本存在安全漏洞,该漏洞源于缺少所有权验证,可能导致删除其他用户的集合。
CVSS Information
N/A
Vulnerability Type
N/A