Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE
Vulnerability Description
AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A user with specific internal knowledge of a station's operations can craft a custom HTTP request that would affect the contents of a station's database, without revealing any internal information about the station. In order to carry out an attack, a malicious user would need to know a valid SFTP station username and the coordinating internal filesystem structure. This issue is fixed in version 0.23.2.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
AzuraCast 安全漏洞
Vulnerability Description
AzuraCast是AzuraCast公司的一个简单的自托管网络广播管理套件。 AzuraCast 0.23.1版本存在安全漏洞,该漏洞源于错误包含仅供内部使用的API端点,可能导致数据库内容被篡改。
CVSS Information
N/A
Vulnerability Type
N/A