Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Centova Cast 3.2.11 - Arbitrary File Download
Vulnerability Description
Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
授权机制缺失
Vulnerability Title
Centova Cast 安全漏洞
Vulnerability Description
Centova Cast是加拿大Centova公司的一个互联网广播流媒体管理控制面板。 Centova Cast 3.2.11版本存在安全漏洞,该漏洞源于经过身份验证的攻击者可通过server.copyfile API端点检索任意系统文件,可能导致敏感文件泄露。
CVSS Information
N/A
Vulnerability Type
N/A