漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Pimcore: Account Takeover via Password Reset URL Injection allows unauthenticated attacker to hijack any admin account with 2FA bypass
Vulnerability Description
Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, an unauthenticated attacker who knows a valid admin username can take over any Pimcore admin account by sending a password reset request with an attacker-controlled resetPasswordUrl. The server generates a real cryptographic recovery token, appends it to the supplied URL, and emails the link to the victim; when the victim clicks the link, the token is sent to the attacker and can be used with POST /pimcore-studio/api/login/token to authenticate with full admin privileges while bypassing two-factor authentication. This issue is fixed in versions 2025.4.6 and 2026.1.6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
忘记口令恢复机制弱
Vulnerability Title
pimcore 授权问题漏洞
Vulnerability Description
Pimcore是Pimcore公司开源的一套开源的用于创建和管理Web应用程序的Web内容管理平台。该平台集成了Web内容管理、电子商务框架和产品信息管理等应用。 Pimcore 2025.4.6版本之前和2026.1.6版本之前存在授权问题漏洞,该漏洞源于密码重置功能问题,可能导致未经身份验证的攻击者知道有效管理员用户名后,通过发送带有攻击者控制的resetPasswordUrl的密码重置请求接管任何Pimcore管理员账户。
CVSS Information
N/A
Vulnerability Type
N/A