Vulnerability Information
Vulnerability Title
Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download
Vulnerability Description
Longjing Technology BEMS API versions up to and including 1.21 contain an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.
CVSS Information
N/A
Vulnerability Type
Files or Directories Accessible to External Parties
Vulnerability Title
Longjing BEMS API Security Vulnerability
Vulnerability Description
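Longjing BEMS API is the interface of a battery energy management system from Longjing, a Chinese company. Longjing BEMS API versions 1.21 and earlier contain a security vulnerability that stems from an arbitrary file download issue in the downloads endpoint, which may lead to access to sensitive files.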
CVSS Information
N/A
Vulnerability Type
N/A