https://blog.qife122.com/tags/%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E7%BC%BA%E5%A4%B1/ Recent content in 身份验证缺失 on 办公AI智能小助手 Hugo zh-cn qife Tue, 09 Dec 2025 09:12:29 +0800 https://blog.qife122.com/p/mautic-%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E7%BC%BA%E5%A4%B1%E6%BC%8F%E6%B4%9Ecve-2025-13828%E5%85%81%E8%AE%B8%E9%9D%9E%E7%89%B9%E6%9D%83%E7%94%A8%E6%88%B7%E5%AE%89%E8%A3%85%E5%92%8C%E5%8D%B8%E8%BD%BDcomposer%E5%8C%85/ Tue, 09 Dec 2025 09:12:29 +0800 https://blog.qife122.com/p/mautic-%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E7%BC%BA%E5%A4%B1%E6%BC%8F%E6%B4%9Ecve-2025-13828%E5%85%81%E8%AE%B8%E9%9D%9E%E7%89%B9%E6%9D%83%E7%94%A8%E6%88%B7%E5%AE%89%E8%A3%85%E5%92%8C%E5%8D%B8%E8%BD%BDcomposer%E5%8C%85/ <h1 id="cve-2025-13828---mautic-中无特权访问市场的用户可以安装和卸载-composer-软件包">CVE-2025-13828 - Mautic 中无特权访问市场的用户可以安装和卸载 Composer 软件包</h1> <h2 id="概述">概述</h2> <h2 id="描述">描述</h2> <p><strong>摘要</strong> 即使在更新设置中禁用了基于 Composer 更新的标志，非特权用户仍可通过 Composer 为基于 Composer 的安装安装和删除任意软件包。</p>