漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files.
漏洞信息
N/A
漏洞
N/A
漏洞
Kailash Nadh boastMachinebmc/Inc/Lang目录文件上传漏洞
漏洞信息
Kailash Nadh boastMachine (以前的 bMachine) 3.1及之前版本的管理界面中的Languages选择可以使远程认证用户将带有任意扩展名的文件上传到bmc/Inc/Lang目录。 注: 由于上传的文件无法通过HTTP访问,只有存在本地用户能在其中打开或执行文件的使用方式时,此问题才算是漏洞。例如,带有可诱使用户打开文件的名称的恶意程序文件。
漏洞信息
N/A
漏洞
N/A