Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML element in the _transaction parameter. NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SmartClient 路径遍历漏洞
Vulnerability Description
Smartclient是Smartclient公司的一个智能解决方案,使构建基于纯 Web 标准的强大、高效的 Web 应用程序变得简单。 SmartClient 12.0版本中的/tools/developerConsoleOperations.jsp(或/isomorphic/IDACall)URL上的控制台功能的loadFile方法存在路径遍历漏洞。攻击者可借助‘_transaction’参数中带有目录遍历序列的elem标签利用该漏洞获取文件系统上的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A