Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Endymion Sake Mail NULL字符可导致文件泄露漏洞
Vulnerability Description
Endymion Sake Mail 是一款基于WEB的邮件应用程序,运行在多种Unix和Linux系统平台下,也可运行于Windows平台下,由JAVA语言实现。 Endymion Sake Mail对用户输入没有进行过滤,可导致远程用户查看目标系统上任意文件内容。 远程攻击者可以通过提交包含连续(../)并在请求文件名后追加NULL字符(%00)的HTTP请求,可导致突破wwwroot目录限制并以sakemail的权限读取目标系统上的任意文件或者/xml文件内容。 由于xml-parser的行为特征在
CVSS Information
N/A
Vulnerability Type
N/A