N/A

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

下载代码缺少完整性检查

管理服务接口Ebiz4u 安全漏洞

Inogard Ebiz4u是韩国Inogard公司的一套电子采购系统。 Inogard Ebiz4u中存在安全漏洞，攻击者能够通过目录遍历自动执行启动菜单。

N/A

N/A