Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via a "..:" sequence (dot-dot variant) in the argument.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sun i-Runbook远程目录及文件内容泄露漏洞
Vulnerability Description
Sun i-Runbook是一款设计用于为SUN环境提供基于WEB的技术和管理规程的系统,i-Runbook提供WEB接口。 Sun i-Runbook的WEB接口对用户提交的URL请求缺少正确过滤,远程攻击者可以利用此漏洞提交畸形URL请求以WEB进程的权限查看系统中任意文件内容。 Sun i-Runbook包含的none.php脚本对用户提交的数据缺少正确处理,攻击者可以提交包含多个"..:.."字符,并追加想要查看的系统文件名或目录,服务程序在解析这个请求时由于处理错误会返回包含请求文件和目录的信息
CVSS Information
N/A
Vulnerability Type
N/A