Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a safe Content-Type value, and then accessing it via a direct request to the file in the file-upload directory (if it's accessible according to the server configuration).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Gurock Software Gurock TestRail 安全漏洞
Vulnerability Description
Gurock Software Gurock TestRail是德国Gurock Software公司的一套基于Web的、用于QA和开发团队的测试用例管理软件。该软件支持创建测试用例、管理测试套件和协调测试过程等。 Gurock Software Gurock TestRail 5.6.0.3853版本中的图像上传表单存在任意文件上传漏洞。远程攻击者可通过上传带有可执行扩展名的图像利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A