Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cobalt RaQ XTR MultiFileUpload.php绕过认证漏洞
Vulnerability Description
Cobalt RaQ是一个基于internet的服务器程序,由Sun微系统公司发布和维护。 Cobalt RaQ的"MultiFileUpload.php"文件访问设置上存在问题,远程攻击者可以利用此漏洞上传任意文件到服务器,本地用户可能利用此漏洞得到主机的root权限。 Cobalt RaQ的其他管理脚本受HTTP认证口令的保护,但"MultiFileUpload.php"脚本却没有,远程攻击者无需任何认证就可以使用此脚本以任意用户的身份上传文件。更糟的是上传的文件是以可预见的文件名存放在/tmp目录下
CVSS Information
N/A
Vulnerability Type
N/A