漏洞标题
Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System 职责:写入 - 上传文件 UploadFile.ashx 无权限上传
漏洞描述信息
孙创山洪灾害防治监测预警系统职责写入文件上传File UploadFile.ashx无限制上传
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
危险类型文件的不加限制上传
漏洞标题
Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System Duty Write-UploadFile UploadFile.ashx unrestricted upload
漏洞描述信息
A vulnerability classified as critical was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. This vulnerability affects unknown code of the file /Duty/AjaxHandle/Write/UploadFile.ashx of the component Duty Write-UploadFile. The manipulation of the argument Filedata leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-233578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
漏洞类别
危险类型文件的不加限制上传
漏洞标题
Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System 代码问题漏洞
漏洞描述信息
Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System是Suncreate公司的一个山洪灾害预防监测和预警系统。 Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System 20230706及之前版本存在代码问题漏洞,该漏洞源于文件/Duty/AjaxHandle/Write/UploadFile.a
CVSS信息
N/A
漏洞类别
代码问题