Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-35380
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download (http://url:port/file?valore).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Solari Di Udine TermTalk Server 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Solari Di Udine Spa Solari Di Udine TermTalk Server(Solari Di Udine TtServer )是意大利Solari Di Udine Spa公司的一种考勤管理服务。 TermTalk Server (TTServer) 3.24.0.2版本存在安全漏洞,该漏洞源于软件当中对于用户提交的目录数据缺少有效的过滤和转义。该漏洞允许未经身份验证的恶意用户通过访问他们想要下载的文件的相对路径(http://url:port/file?valore)来访问
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2021-35380
#POC DescriptionSource LinkShenlong Link
1TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-35380.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-35380
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: n/a
Same vendor: n/a
V. Comments for CVE-2021-35380

No comments yet

Leave a comment