漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Ghost: Paid gift memberships obtainable at minimal cost via the donations feature
Vulnerability Description
Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing money from a site or its members. This issue is fixed in version 6.44.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
对假设不可变Web参数的外部可控制
Vulnerability Title
Ghost 输入验证错误漏洞
Vulnerability Description
Ghost是Ghost基金会开源的一款内容管理平台。 Ghost 6.27.0版本至6.44.0之前版本存在安全漏洞,该漏洞源于捐赠结算流程存在输入验证错误,可能导致未经验证的攻击者控制捐赠结算元数据,以最低付款获取完整付费礼品会员资格。
CVSS Information
N/A
Vulnerability Type
N/A