Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An Archive Extraction (AKA "Zip Slip) vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary upladed zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
diyhi bbs 路径遍历漏洞
Vulnerability Description
diyhi bbs(巡云轻论坛系统)是中国的一个开源项目,采用JAVA+MYSQL架构,自适应手机端和电脑端,界面简洁,性能高效。 diyhi bbs 5.3版本存在安全漏洞,该漏洞源于UpgradeManageAction.java文件中的UpgradeNow函数存在文档提取(又名“Zip Slip”)漏洞,该漏洞在不检查文件名的情况下解压任意上传的Zip文件。
CVSS Information
N/A
Vulnerability Type
N/A