漏洞标题
泛微E办公室OA后台save_image.php路径遍历漏洞
漏洞描述信息
在Panwei eoffice OA 9.5及以下版本中发现一个漏洞,该漏洞已被宣告为严重。此漏洞影响组件Backend中file/general/system/interface/theme_set/save_image.php文件的未知代码。操纵image_type参数会导致路径遍历漏洞:'../filedir'。攻击可以远程发起。该漏洞的利用方法已被公开,可能会被利用。此漏洞的标识符为VDB-259072。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
Panwei eoffice OA Backend save_image.php path traversal
漏洞描述信息
A vulnerability was found in Panwei eoffice OA up to 9.5. It has been declared as critical. This vulnerability affects unknown code of the file /general/system/interface/theme_set/save_image.php of the component Backend. The manipulation of the argument image_type leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259072.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
漏洞类别
路径遍历:’../filedir’
漏洞标题
eoffice 安全漏洞
漏洞描述信息
eOffice是eOffice公司的一个电子办公系统。 eoffice OA 9.5及之前版本存在安全漏洞,该漏洞源于文件/general/system/interface/theme_set/save_image.php存在路径遍历漏洞。
CVSS信息
N/A
漏洞类别
其他