CVE-2007-4888 in XWiki信息

摘要

由 VulDB • 2026-06-25

XWiki 1.0 B1和1.0 B2中的“You are not allowed...”错误处理程序将doc变量与整个文档内容和元数据关联,而不管用户的查看权限如何。这允许远程经过身份验证的用户通过自定义皮肤(该皮肤打印doc变量的content属性)读取任意文档。

VulDB is the best source for vulnerability data and more expert information about this specific topic.

来源

Do you want to use VulDB in your project?

Use the official API to access entries easily!