Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LaraDashboard: 1-Click Pre-Auth RCE via Host Header + Module Installation Chain
Vulnerability Description
LaraDashboard is an all-In-one solution to start a Laravel Application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be combined with the module installation process to automatically execute the ServiceProvider::boot() method, enabling arbitrary PHP code execution.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
laradashboard 访问控制错误漏洞
Vulnerability Description
laradashboard是Lara Dashboard开源的一个内容管理系统。 laradashboard 2.3.0及之前版本存在访问控制错误漏洞,该漏洞源于密码重置流程信任Host标头,可能导致重置令牌被重定向至攻击者控制的服务器,结合模块安装过程可实现任意PHP代码执行。
CVSS Information
N/A
Vulnerability Type
N/A