漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Kushan2k student-management-system Profile Update Endpoint AdminController.php edit-admin improper authorization
Vulnerability Description
A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument isadmin leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
授权机制不恰当
Vulnerability Title
Student-Management-System 安全漏洞
Vulnerability Description
Student-Management-System是Cyber-III开源的一个学生信息管理系统。 Student-Management-System存在安全漏洞,该漏洞源于配置文件更新端点中文件controllers/AdminController.php的edit-admin函数对参数isadmin操作不当,可能导致授权不当。攻击者可远程利用。
CVSS Information
N/A
Vulnerability Type
N/A