Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser (client-side) and can be circumvented. This allows an attacker to upload any file as an attachment to a workitem.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Tangro Business Workflow 代码问题漏洞
Vulnerability Description
Tangro Business Workflow是德国Tangro公司的一款可将SAP文档内容的内部控制以及批准流程进行可视化绘制的软件。 tangro Business Workflow 1.18.1之前版本存在代码问题漏洞,该漏洞源于从服务器请求一个允许的文件类型列表,并限制上传到该列表中包含的文件类型。但是,这个限制是在浏览器(客户端)中强制执行的,可以绕过它。这允许攻击者可利用该漏洞将任何文件作为附件上载到工作项。
CVSS Information
N/A
Vulnerability Type
N/A