Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vam_editXml.php doesn't check the parameter that identifies the file name to be read. Thus, an attacker can manipulate the file name to access a potentially sensitive file within the filesystem.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Selesta Visual Access Manager 信息泄露漏洞
Vulnerability Description
selesta Selesta Visual Access Manager是selesta公司的一个可视访问管理器。 Selesta Visual Access Manager (VAM) 4.15.0版本至4.29版本中存在信息泄露漏洞,该漏洞源于/common/vam_editXml.php页面没有检查用于指定要读取文件名称的参数。攻击者可利用该漏洞访问文件系统上的敏感文件。
CVSS Information
N/A
Vulnerability Type
N/A