Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Download file outside intended directory
Vulnerability Description
Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users may manually apply the changes from the fix commit.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Mycodo 路径遍历漏洞
Vulnerability Description
Mycodo是一个环境监测和调节系统。用于耦合输入和输出,以感知和操纵环境。 Mycodo 8.12.7之前版本存在路径遍历漏洞,具有权访问端点的人下载预期目录之外的文件。
CVSS Information
N/A
Vulnerability Type
N/A