漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
tittuvarghese CollegeManagementSystem login-form.php session_start session fixiation
Vulnerability Description
A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session_start of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation. The attack can be launched remotely. The exploit has been published and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
会话固定
Vulnerability Title
CollegeManagementSystem 授权问题漏洞
Vulnerability Description
CollegeManagementSystem是Tittu Varghese个人开发者的一款高校学生与教务综合管理系统。 CollegeManagementSystem存在授权问题漏洞,该漏洞源于/login-form.php文件中session_start函数对UserAuthData参数操作不当,可能导致会话固定。
CVSS Information
N/A
Vulnerability Type
N/A