漏洞标题
N/A
漏洞描述信息
PhpMyFactures 1.2 及以上版本允许远程攻击者绕过身份验证并修改数据,通过修改参数的直接请求发送到(1) /tva/ajouter_tva.php,(2) /remises/ajouter_remise.php,(3) /pays/ajouter_pays.php,(4) /pays/modifier_pays.php,(5) /produits/ajouter_cat.php,(6) /produits/ajouter_produit.php,(7) /clients/ajouter_client.php,(8) /clients/modifier_client.php。请注意:此信息的来源未知;部分细节从第三方信息获得。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.php, (3) /pays/ajouter_pays.php, (4) /pays/modifier_pays.php, (5) /produits/ajouter_cat.php, (6) /produits/ajouter_produit.php, (7) /clients/ajouter_client.php, (8) /clients/modifier_client.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
PhpMyFactures 多个认证绕过漏洞
漏洞描述信息
PhpMyFactures 1.2 及之前版本远程攻击者借助对(1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.php, (3) /pays/ajouter_pays.php, (4) /pays/modifier_pays.php, (5) /produits/ajouter_cat.php, (6) /produits/ajouter_produit.php, (7) /clients/ajouter_client.php, (8) /clie
CVSS信息
N/A
漏洞类别
授权问题