2 matches found
Discourse 安全漏洞
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. versions of Discourse prior to 2.8.9, and prior to 2.9.0.beta10, contain an input validation error vulnerability that could be exploited by an attacker to add large text load...
Yelp: IDOR in locid parameter allowing to view others accounts Profile Locations
The application transmits in many occasions the locid parameter via URL, which means that this parameter may be being logged in plan text in the Apache server access.log, if not in others also. The fact that this happens, makes this parameter vulnerable not only to be read from this log file, but...