Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HAX CMS's public /server-status endpoint exposes authentication tokens, user activity, and client IP addresses
Vulnerability Description
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (user_token), user activity, client IP addresses, and server configuration details. This allows any unauthenticated user to monitor real-time user interactions and gather internal infrastructure information. This vulnerability is fixed in 25.0.0.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
HAX 日志信息泄露漏洞
Vulnerability Description
HAX是HAX The Web开源的一个HAX+CMS使用PHP后端管理的微型网站。 HAX25.0.0之前版本存在日志信息泄露漏洞,该漏洞源于/server-status端点公开可访问,可能导致未经验证的用户获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A