Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Parallels Virtuozzo Containers VZPP WEB界面文件管理器跨站请求伪造漏洞
Vulnerability Description
Parallels Virtuozzo Containers是Parallels的主机操作虚拟化的解决方案。 Parallels Virtuozzo Containers 365.6.swsoft (build 4.0.0-365.6.swsoft)和25.4.swsoft (build 3.0.0-25.4.swsoft)的VZPP web界面的文件管理器中存在跨站请求伪造漏洞。远程攻击者可以借助对(1)创建文件和(2)vz/cp/vzdir/infrman/envs/files/中的列表控制的一个链接
CVSS Information
N/A
Vulnerability Type
N/A