漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Bagisto Missing Authentication on Installer API Endpoints
Vulnerability Description
Bagisto is an open source laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API routes remain active even after initial installation is complete. The underlying API endpoints (`/install/api/*`) are directly accessible and exploitable without any authentication. An attacker can bypass the Ib installer entirely by calling the API endpoints directly. This allows any unauthenticated attacker to create admin accounts, modify application configurations, and potentially overwrite existing data. Version 2.3.10 fixes the issue.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Webkul Software Bagisto 访问控制错误漏洞
Vulnerability Description
Webkul Software Bagisto是印度Webkul Software公司的一套开源的电子商务框架。 Webkul Software Bagisto 2.3.10之前版本存在访问控制错误漏洞,该漏洞源于安装完成后API路由仍处于活动状态且无需身份验证,可能导致未经验证的攻击者创建管理员账户和修改配置。
CVSS Information
N/A
Vulnerability Type
N/A