Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
zhenfeng13 My-Blog Frontend Blog Article Comment comment authentication replay
Vulnerability Description
A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
使用捕获-重放进行的认证绕过
Vulnerability Title
My-Blog 安全漏洞
Vulnerability Description
My-Blog是ZHENFENG13个人开发者的由 SpringBoot + Mybatis + Thymeleaf 等技术实现的 Java 博客系统,页面美观、功能齐全、部署简单及完善的代码。 My-Blog 1.0.0版本存在安全漏洞,该漏洞源于Frontend Blog Article Comment Handler对认证请求缺乏保护,导致远程攻击者可利用捕获重放方式绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A