Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Yellowfin Business Intelligence Yellowfin 安全漏洞
Vulnerability Description
Yellowfin Business Intelligence Yellowfin是澳大利亚Yellowfin Business Intelligence公司的一套创新的数据和分析产品。 Yellowfin 存在安全漏洞,该漏洞源于在 9.6.1 版本之前的 Yellowfin 中,可以通过向页面 MIIAvatarImage.i4 发送特制的 HTTP GET 请求来利用不安全的直接对象引用漏洞来枚举和下载用户的个人资料图片。
CVSS Information
N/A
Vulnerability Type
N/A