Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ALC WebCTRL 安全漏洞
Vulnerability Description
ALC WebCTRL是美国Automated Logic Corporation(ALC)公司的一套楼宇自动化控制系统。 ALC WebCTRL 6.0版本、6.1版本和6.5版本中存在XML外部实体注入漏洞。攻击者可借助‘X-Wap-Profile’HTTP包头利用该漏洞泄露底层Web服务器操作系统上的文件内容。
CVSS Information
N/A
Vulnerability Type
N/A