Vulnerability Title
N/A
Vulnerability Description
Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to bypass authentication and perform privileged functions via a non-empty finame parameter to (1) addnewcont.php, (2) adminpassw.php, (3) amministrazione.php, (4) artins.php, (5) bgcolor.php, (6) cancartcat.php, (7) canccat.php, (8) cancelart.php, (9) cancontsit.php, (10) chanpassamm.php, (11) dele.php, (12) delecat.php, (13) delecont.php, (14) emailall.php, (15) gestflashtempl.php, (16) gestmagart.php, (17) gestmagaz.php, (18) gestpre.php, (19) input.php, (20) input3.php, (21) insnucat.php, (22) instempflash.php, (23) mailfc.php, (24) modfdati.php, (25) rescont4.php, (26) ricordo1.php, (27) ricordo4.php, (28) tabcatalg.php, (29) tabcont.php, (30) tabcont3.php, (31) tabstile.php, (32) tabstile3.php, (33) testimmg.php, and (34) update.php in the admin/ directory.
Note: some of this information is obtained from third-party information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to bypass authentication and perform privileged functions via a non-empty finame parameter to (1) addnewcont.php, (2) adminpassw.php, (3) amministrazione.php, (4) artins.php, (5) bgcolor.php, (6) cancartcat.php, (7) canccat.php, (8) cancelart.php, (9) cancontsit.php, (10) chanpassamm.php, (11) dele.php, (12) delecat.php, (13) delecont.php, (14) emailall.php, (15) gestflashtempl.php, (16) gestmagart.php, (17) gestmagaz.php, (18) gestpre.php, (19) input.php, (20) input3.php, (21) insnucat.php, (22) instempflash.php, (23) mailfc.php, (24) modfdati.php, (25) rescont4.php, (26) ricordo1.php, (27) ricordo4.php, (28) tabcatalg.php, (29) tabcont.php, (30) tabcont3.php, (31) tabstile.php, (32) tabstile3.php, (33) testimmg.php, and (34) update.php in admin/. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Category
N/A
Vulnerability Title
Creasito E-Commerce Content Manager Security Bypass Vulnerability
Vulnerability Description
Creasito E-Commerce Content Manager: remote attackers, by passing to the following in admin/: (1) addnewcont.php, (2) adminpassw.php, (3) amministrazione.php, (4) artins.php, (5) bgcolor.php, (6) cancartcat.php, (7) canccat.php, (8) cancelart.php, (9) cancontsit.php, (10) chanpassamm.php, (11) dele.php, (12) delecat.
CVSS Information
N/A
Vulnerability Category
Authorization Issue