Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kailash Nadh boastMachinebmc/Inc/Lang目录文件上传漏洞
Vulnerability Description
Kailash Nadh boastMachine (以前的 bMachine) 3.1及之前版本的管理界面中的Languages选择可以使远程认证用户将带有任意扩展名的文件上传到bmc/Inc/Lang目录。 注: 由于上传的文件无法通过HTTP访问,只有存在本地用户能在其中打开或执行文件的使用方式时,此问题才算是漏洞。例如,带有可诱使用户打开文件的名称的恶意程序文件。
CVSS Information
N/A
Vulnerability Type
N/A