Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WinterChenS my-site Backend admin preHandle improper authentication
Vulnerability Description
A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The code maintainer responded to the issue that "[he] tried it, and using this link automatically redirects to the login page."
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
认证机制不恰当
Vulnerability Title
my-site 安全漏洞
Vulnerability Description
my-site是WinterChenS个人开发者的基于springboot2.0开发的个人网站,集成了:个人首页,个人博客,个人作品。 my-site存在安全漏洞,该漏洞源于文件/admin/中参数uri处理不当导致身份验证缺陷。
CVSS Information
N/A
Vulnerability Type
N/A