Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control
Vulnerability Description
A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 26.03.1 is able to address this issue. This patch is called 8a59895ba063040cc8dafd82e94024c406df3d04. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
BookStack 访问控制错误漏洞
Vulnerability Description
BookStack是BookStack公司的一个简单、自托管、易于使用的平台。用于组织和存储信息。 BookStack 26.03及之前版本存在访问控制错误漏洞,该漏洞源于参数pages操作不当,可能导致访问控制不当。
CVSS Information
N/A
Vulnerability Type
N/A