Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. The details of captcha challenge are exposed within document body of articles with comments & anti spam-captcha functionalities enabled, including "capcha-letter", "capcha-word" and "capcha-token" which can be used to construct a valid post request to publish a comment. As such, attackers can flood articles with automated spam comments, especially if there are no other web defenses available.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PluXml 安全漏洞
Vulnerability Description
PluXml是PluXml开源的一个免费的开源内容管理系统,不需要数据库即可工作。 PluXml 5.8.22及之前版本存在安全漏洞,该漏洞源于反垃圾验证码功能细节暴露,可能导致自动脚本绕过验证码并发布垃圾评论。
CVSS Information
N/A
Vulnerability Type
N/A