Vulnerability Information
Vulnerability Title
HAX CMS's public /server-status endpoint exposes authentication tokens, user activity, and client IP addresses
Vulnerability Description
HAX CMS helps manage a microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (user_token), user activity, client IP addresses, and server configuration details. This allows any unauthenticated user to monitor real-time user interactions and gather internal infrastructure information. This vulnerability is fixed in 25.0.0.
CVSS Information
N/A
Vulnerability Type
Improper Access Control
Vulnerability Title
HAX log information disclosure vulnerability
Vulnerability Description
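HAX is an open-source HAX+CMS from HAX The Web, a microsite managed with a PHP backend. HAX versions prior to 25.0.0 contain a log information disclosure vulnerability. It stems from the /server-status endpoint being publicly accessible, which may allow unauthenticated users to obtain sensitive information.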
CVSS Information
N/A
Vulnerability Type
N/A