CNNVD-202510-3235 Information
CNNVD ID
CNNVD-202510-3235
Related CVE
- CNNVD Published: 2025-10-23
Description (Chinese)
SharewareZ是Axe个人开发者的一个游戏文件夹转换工具。 SharewareZ 2.4.3版本存在安全漏洞,该漏洞源于密码重置组件未固定SERVER_NAME,可能导致密码重置投毒和账户接管。
Description (English)
ShareawareZ is a game folder conversion tool for Axe personal developers. There is a security loophole in version SharwareZ 2.4.3, which stems from the unfixed SERVER NAME of the password replacement component, which may lead to the re-loading of the password and the taking over of the account.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-10-23
Last Modified
2026-02-24
References
https://drive.google.com/file/d/15X5L1uEqgWOLrjKqm96cEPAWp2ph0zJp/view?usp=sharing https://gist.github.com/BrookeYangRui/145e529b5fd4f56af299efde37edf4fa https://github.com/axewater/sharewarez/blob/d04c90b7dc3fbae1596f731d1b168d3fb9fdd2df/modules/routes_login.py#L188-L217 https://github.com/axewater/sharewarez/blob/d04c90b7dc3fbae1596f731d1b168d3fb9fdd2df/modules/utils_smtp.py#L191-L206 https://portswigger.net/web-security/host-header/exploiting/password-reset-poisoning https://access.redhat.com/security/cve/cve-2025-61136
Patch
https://github.com/axewater/sharewarez/releases
Share on: