Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag_job.jsp.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Plunet BusinessManager 'pagesUTF8/Sys_DirAnzeige.jsp和pagesUTF8/auftrag_job.jsp' 敏感信息泄露漏洞
Vulnerability Description
Plunet BusinessManager 4.1及其早期版本允许远程验证用户绕过访问限制并(1)可以借助对pagesUTF8/Sys_DirAnzeige.jsp的一个修改过的Pfad参数读取敏感Customer或Order数据,或者(2)可以借助对pagesUTF8/auftrag_job.jsp提交的一个直接请求列出敏感Jobs。
CVSS Information
N/A
Vulnerability Type
N/A