Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Yellowfin Business Intelligence Yellowfin 代码注入漏洞
Vulnerability Description
Yellowfin Business Intelligence Yellowfin是澳大利亚Yellowfin Business Intelligence公司的一套创新的数据和分析产品。 Yellowfin 存在代码注入漏洞,该漏洞源于在 9.6.1 版本之前的 Yellowfin 中,可以通过向页面 MIImage.i4 发送特制的 HTTP GET 请求来利用不安全直接对象引用漏洞枚举和下载上传的图像。
CVSS Information
N/A
Vulnerability Type
N/A