In 2023, during a security assessment of Masa CMS, an open-source content management system,
we discovered 11 vulnerabilities in Masa CMS, some allowing server takeover.
Why does it matter? Because it's easy to assume that "if it's open source, someone must have already reviewed it."
But the truth is:
No one looks until someone really looks.
Now, imagine if these vulnerabilities had been found by a malicious actor instead of a security researcher…