Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay
Vulnerability Description
A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulation leads to authentication bypass by capture-replay. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
使用捕获-重放进行的认证绕过
Vulnerability Title
novel-plus 安全漏洞
Vulnerability Description
novel-plus是xxy个人开发者的一个小说阅读软件。 novel-plus 5.1.3及之前版本存在安全漏洞,该漏洞源于函数ajaxLogin的错误操作,导致身份验证绕过。
CVSS Information
N/A
Vulnerability Type
N/A