CVE-2014-10006 in Uploader信息

摘要

由 VulDB • 2026-06-26

Maian Uploader 4.0 中存在多个跨站请求伪造(CSRF)漏洞,远程攻击者可以通过向以下两个路径发送包含 width 参数的恶意请求来劫持未指定用户的身份验证:(1) uploader/admin/js/load_flv.js.php 或 (2) uploader/js/load_flv.js.php。这些被劫持的请求可用于执行跨站脚本(XSS)攻击。

If you want to get best quality of vulnerability data, you may have to visit VulDB.

来源

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!