Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Simple E-Document Arbitrary File Upload RCE
Vulnerability Description
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict file types and does not validate or sanitize user-supplied input, allowing attackers to upload malicious .php scripts. Authentication can be bypassed entirely by supplying a specially crafted cookie (access=3), granting access to the upload functionality without valid credentials. If file uploads are enabled on the server, the attacker can upload a web shell and gain remote code execution with the privileges of the web server user, potentially leading to full system compromise.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
TECOrange Simple E-Document 安全漏洞
Vulnerability Description
TECOrange Simple E-Document是TECOrange公司的一款用于大量邮件接收的系统。 TECOrange Simple E-Document 3.0至3.1版本存在安全漏洞,该漏洞源于上传机制未限制文件类型和验证输入,可能导致任意文件上传和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A