漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Craft CMS has Server-Side Request Forgery (SSRF) with Asset Uploads Mutations
Vulnerability Description
Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the <VolumeName> volume" and "Create assets in the <VolumeName> volume." Versions 4.17.9 and 5.9.15 patch the issue.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Craft CMS 代码问题漏洞
Vulnerability Description
Craft CMS是Craft CMS开源的一套内容管理系统(CMS)。 Craft CMS存在代码问题漏洞,该漏洞源于容易受到服务端请求伪造攻击。以下版本受到影响:4.x分支至4.17.8版本和5.x分支至5.9.14版本。
CVSS Information
N/A
Vulnerability Type
N/A