Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\..\..\..\..\<file> in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\<file>). The files can then be edited via the FileEditor.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MacdonaldRobinson FlexDotnetCMS 访问控制错误漏洞
Vulnerability Description
MacdonaldRobinson FlexDotnetCMS是MacdonaldRobinson个人开发者的一款基于 ASP .NET 开发的内容管理系统。 FlexDotnetCMS1.5.11之前版本存在访问控制错误漏洞,该漏洞源于文件编辑器(管理视图文件编辑器)中不正确的访问控制,攻击者可利用该漏洞读写web根目录之外的现有文件。
CVSS Information
N/A
Vulnerability Type
N/A