Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
EverSync 0.5 Arbitrary File Download via files Directory
Vulnerability Description
EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3 containing application data and credentials.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对外部实体的文件或目录可访问
Vulnerability Title
Phpmassmail EverSync 安全漏洞
Vulnerability Description
Phpmassmail EverSync是Phpmassmail公司的一个同步工具。 Phpmassmail EverSync 0.5版本存在安全漏洞,该漏洞源于files目录存在任意文件下载,可能导致下载包含凭据的数据库文件。
CVSS Information
N/A
Vulnerability Type
N/A