Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated arbitrary file upload and command execution in Vembu products
Vulnerability Description
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Vembu BDR Suite 代码问题漏洞
Vulnerability Description
Vembu BDR Suite是一个虚拟机管理系统。 Vembu BDR Suite 存在代码问题漏洞,该漏洞源于允许通过指定文件名称和内容的GET请求写未经验证的文件。以下产品及型号会受到影响:Vembu BDR Suite 4.2.0 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A