漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
MyTube has an Improper Access Control that Allows Complete Application Takeover
Vulnerability Description
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the `/api/settings/import-database` endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a full compromise of the application. The bypass is relevant for other POST routes as well. Version 1.8.69 fixes the issue.
CVSS Information
N/A
Vulnerability Type
授权机制不恰当
Vulnerability Title
MyTube 安全漏洞
Vulnerability Description
MyTube是Peifan Li个人开发者的一个视频自托管下载器和播放器。 MyTube 1.8.69之前版本存在安全漏洞,该漏洞源于/api/settings/import-database端点存在授权绕过,可能导致低权限攻击者上传并替换应用程序的SQLite数据库,从而完全控制应用程序。
CVSS Information
N/A
Vulnerability Type
N/A