漏洞标题
Arno0x两因素身份验证登录.php重定向
漏洞描述信息
Arno0x TwoFactorAuth中发现了一个被归类为有问题的漏洞。这影响了文件login/login.php的未知部分。操纵参数from会导致开放重定向。攻击可以远程发起。该产品不使用版本控制。这就是为什么没有关于受影响和未受影响版本的信息。该补丁的名称为8549ad3cf197095f783643e41333586d6a4d0e54。建议应用补丁以解决此问题。与该漏洞关联的标识符是VDB-223803。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
Arno0x TwoFactorAuth login.php redirect
漏洞描述信息
A vulnerability classified as problematic has been found in Arno0x TwoFactorAuth. This affects an unknown part of the file login/login.php. The manipulation of the argument from leads to open redirect. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 8549ad3cf197095f783643e41333586d6a4d0e54. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223803.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
漏洞类别
指向未可信站点的URL重定向(开放重定向)
漏洞标题
TwoFactorAuth 输入验证错误漏洞
漏洞描述信息
TwoFactorAuth是Arno0x个人开发者的用 PHP 编写的双因素身份验证门户网站。 Arno0x TwoFactorAuth 存在输入验证错误漏洞,该漏洞源于文件 login/login.php 中的未知部分,通过参数 from 导致重定向。
CVSS信息
N/A
漏洞类别
输入验证错误