Vulnerability Information
Vulnerability Title
agentejo Cockpit CMS htaccess config.yaml YAMLLoad file access
Vulnerability Description
A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. The manipulation leads to files or directories being accessible to external parties. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Configuration settings should be changed. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
Files or directories accessible to external parties
Vulnerability Title
Agentejo Cockpit CMS authorization issue vulnerability
Vulnerability Description
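Agentejo Cockpit CMS is a content management system developed by the German organization Agentejo. Agentejo Cockpit CMS 0.12.2 and earlier versions contain a security vulnerability that stems from an issue in the Spyc::YAMLLoad function of the file /config/config.yaml in the htaccess Handler component, which allows files or directories to be accessed remotely.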
CVSS Information
N/A
Vulnerability Type
N/A