Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
openDCIM <= 23.04 Missing Authorization in install.php
Vulnerability Description
openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this functionality regardless of assigned privileges. In deployments where REMOTE_USER is set without authentication enforcement, the endpoint may be accessible without credentials. This allows unauthorized modification of application configuration.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
openDCIM 安全漏洞
Vulnerability Description
openDCIM是openDCIM开源的一个数据中心库存管理(DCIM)应用程序。 openDCIM 23.04版本存在安全漏洞,该漏洞源于install.php和container-install.php缺少授权检查,可能导致未经授权的应用配置修改。
CVSS Information
N/A
Vulnerability Type
N/A