Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints
Vulnerability Description
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload, milestone editing, and administrative functions to force logout, create accounts, modify roles, inject comments, or upload files when authenticated users visit attacker-controlled websites.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Pachno 跨站请求伪造漏洞
Vulnerability Description
Pachno是Pachno开源的一个用于协作的开源平台。 Pachno 1.0.6版本存在跨站请求伪造漏洞,该漏洞源于缺少跨站请求伪造保护,可能导致攻击者在经过身份验证的用户上下文中执行任意操作。
CVSS Information
N/A
Vulnerability Type
N/A