Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Schneider Electric StruxureWare Data Center Expert 安全漏洞
Vulnerability Description
Schneider Electric StruxureWare Data Center Expert是法国施耐德电气(Schneider Electric)公司的一套集中式数据中心基础设施管理软件。该软件可收集和分发关键警报、监控视频和关键信息,并支持从网络上的任意位置提供物理基础建构环境的统一视图。 Schneider Electric StruxureWare Data Center Expert 7.5.0及之前版本中存在安全漏洞。攻击者可借助带有路径遍历文件名的特制文件利用该漏洞将任意文件上传到目
CVSS Information
N/A
Vulnerability Type
N/A