Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via (a) uu_file_upload.php, related to uu_file_upload.js and (b) uber_uploader_file.php, related to uber_uploader_file.js, a different issue than CVE-2007-0123. NOTE: the vendor disputes the severity of the issue, noting that it is the administrator's responsibility to "add file extensions that you may or may not want uploaded."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Uber Uploader 配置错误漏洞
Vulnerability Description
Uber Uploader (UU) 存在默认配置错误漏洞。并不会影响以下文件的上传:(1) .html,(2) .asp和其他可能有危害性的扩张(这些扩张会被远程攻击者通过(a)与uu_file_upload.js有关的 uu_file_upload.php (b) 与uber_uploader_file.js 有关的uber_uploader_file.php来利用。这个漏洞与CVE-2007-0123不同.
CVSS Information
N/A
Vulnerability Type
N/A