Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file because a ZIP archive is accepted by /admin/?req=modules&action=add as a plugin, and extracted to the main directory. In order for the ".zip" file to be accepted, it must also contain a package.json file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
i-doit open 安全漏洞
Vulnerability Description
i-doit open是一套开源的自动化运维系统。该系统包括IT资产管理、IP地址管理、IT基础设施管理和技术文档管理等功能。 i-doit open 1.11.2版本中存在安全漏洞,该漏洞源于程序错误地处理ZIP存档文件。远程攻击者可通过上传带有‘.php’文件的‘.zip’文件利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A