CNNVD-202509-2682 Information

CNNVD ID

CNNVD-202509-2682

CVE-2025-59416

  • CNNVD Published: 2025-09-17

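Description (translated from Chinese)

The Scratch Channel is a project website open-sourced by The Scratch Channel. Versions of The Scratch Channel before 1.2 contain a security vulnerability that stems from the API not verifying user permissions on POST requests, which may lead to arbitrary article creation and administrator changes.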

Description (English)

The Scratch Channel is an open-source project website by The Scratch Channel. Versions of The Scratch Channel before 1.2 contain a security vulnerability: the API fails to verify user privileges when handling POST requests, which could lead to arbitrary article creation and changes to administrators.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

The Scratch Channel

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/The-Scratch-Channel/tsc-web-client/security/advisories/GHSA-775w-g375-pjff

Patch

https://github.com/The-Scratch-Channel/tsc-web-client/releases
