漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users
Vulnerability Description
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions (regenerate-yaml, apply-yaml-changes) without authentication. This issue has been patched in versions 4.17.8 and 5.9.14.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Craft CMS 安全漏洞
Vulnerability Description
Craft CMS是Craft CMS开源的一套内容管理系统(CMS)。 Craft CMS 4.17.8之前版本和5.9.14之前版本存在安全漏洞,该漏洞源于Config Sync更新程序索引未进行身份验证,可能导致未经授权的状态更改操作。
CVSS Information
N/A
Vulnerability Type
N/A