Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
gougucms User Registration Login.php reg_submit dynamically-determined object attributes
Vulnerability Description
A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
CWE-915
Vulnerability Title
gougucms 安全漏洞
Vulnerability Description
gougucms(勾股CMS)是中国勾股(gougu)开源的一套基于 ThinkPHP6 + Layui + MySql 打造的轻量级的通用后台管理框架。 gougucms 4.08.18版本存在安全漏洞,该漏洞源于对文件gougucms-masterapphomecontrollerLogin.php中参数level的错误操作,可能导致动态确定对象属性。
CVSS Information
N/A
Vulnerability Type
N/A