漏洞标题
PandaXGO熊猫X文件扩展upload.go无限制上传
漏洞描述信息
在PandaXGO的PandaX版本(截至20240310)中发现了一个漏洞。它被分类为关键性漏洞。受影响的是File Extension Handler组件中/apps/system/router/upload.go文件的一个未知函数。通过操纵参数file,导致了无限制的上传。攻击有可能远程发起。该漏洞已经被公开披露,并可能被利用。这个漏洞的标识符是VDB-257064。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
危险类型文件的不加限制上传
漏洞标题
PandaXGO PandaX File Extension upload.go unrestricted upload
漏洞描述信息
A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257064.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
漏洞类别
危险类型文件的不加限制上传
漏洞标题
PandaX 代码问题漏洞
漏洞描述信息
PandaX是PandaX开源的一个 Go 语言开源的企业级物联网平台低代码开发框架。 PandaX 20240310版本及之前版本存在代码问题漏洞,该漏洞源于对参数file的错误操作会导致文件不受限制的上传。
CVSS信息
N/A
漏洞类别
代码问题