Vulnerability Information
Vulnerability Title
Genealogy: Missing Authorization in `TeamController::transferOwnership()` Allows Any Authenticated User to Hijack Any Team (Broken Access Control)
Vulnerability Description
Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces and unrestricted access to all genealogy data associated with the compromised team. This vulnerability is fixed in 5.9.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
Missing Authorization
Vulnerability Title
Genealogy Security Vulnerability
Vulnerability Description
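Genealogy is a family tree PHP application by the individual developer KREAWEB.be. Genealogy versions prior to 5.9.1 contain a security vulnerability that stems from an access control flaw and may allow ownership of arbitrary non-personal teams to be transferred.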
CVSS Information
N/A
Vulnerability Type
N/A