Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
tobesoft XPLATFORM Path Traversal Vulnerability
Vulnerability Description
A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..\’.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Tobesoft Xplatform 路径遍历漏洞
Vulnerability Description
Tobesoft Xplatform是韩国Tobesoft公司的一套应用程序开发平台。该平台支持表单和复合组件继承功能、CSS自动设置功能以及多文档界面等功能。 Tobesoft Xplatform 9.2.2.280之前版本存在安全漏洞,该漏洞源于解压.zip文件缺少对于路径参数的过滤和转义。攻击者利用该漏洞可以将任意文件放到父路径中进行任意文件创建。
CVSS Information
N/A
Vulnerability Type
N/A