漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
WBCE CMS allows brute-force protection bypass using X-Forwarded-For header
Vulnerability Description
WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying `X-Forwarded-For` on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The application fully trusts the `X-Forwarded-For` header without validating it or restricting its usage. This issue is fixed in version 1.6.5.
CVSS Information
N/A
Vulnerability Type
过多认证尝试的限制不恰当
Vulnerability Title
WBCE CMS 安全漏洞
Vulnerability Description
WBCE CMS是WBCE CMS开源的一套基于PHP和MySQL的开源内容管理系统(CMS)。 WBCE CMS 1.6.4版本存在安全漏洞,该漏洞源于暴力破解保护绕过,可能导致无限密码猜测尝试。
CVSS Information
N/A
Vulnerability Type
N/A