漏洞标题
百度UEditor无限制上传
漏洞描述信息
在百度UEditor 1.4.3.3中发现了一个漏洞,已被归类为存在问题。影响的文件路径为/ueditor/php/controller.php?action=uploadfile&encode=utf-8中的未知部分。通过操作参数upfile,导致无限制上传。攻击可以远程发起。漏洞已被公开披露并可能被利用。此漏洞的标识符为VDB-273273。需要注意的是,此披露初期已经联系了供应商,但未收到任何回复。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
危险类型文件的不加限制上传
漏洞标题
Baidu UEditor unrestricted upload
漏洞描述信息
A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273273 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
漏洞类别
危险类型文件的不加限制上传
漏洞标题
Baidu UEditor 代码问题漏洞
漏洞描述信息
Baidu UEditor是中国百度(Baidu)公司的一款所见即所得富文本Web编辑器。 Baidu UEditor 1.4.3.3版本存在代码问题漏洞,该漏洞源于对参数upfile的操作会导致不受限制的上传。
CVSS信息
N/A
漏洞类别
代码问题