Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Brave CMS has an Insecure Direct Object Reference in Article Image Deletion
Vulnerability Description
Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL but does not verify ownership. This allows an authenticated user with edit permissions to delete images attached to articles owned by other users. This vulnerability is fixed in 2.0.6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Brave CMS 安全漏洞
Vulnerability Description
Brave CMS是Razvan Zamfir个人开发者的一个基于Laravel的博客与新闻内容管理系统。 Brave CMS 2.0.6之前版本存在安全漏洞,该漏洞源于文章图片删除功能存在不安全的直接对象引用,可能导致经过身份验证的用户删除其他用户的图片。
CVSS Information
N/A
Vulnerability Type
N/A