Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/*.jsp URI.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PONTON X/P Messenger 路径遍历漏洞
Vulnerability Description
PONTON X/P Messenger是德国PONTON公司的一种高度可配置的 ebXML、AS/1、AS /2、AS/3 和 AS/4 兼容的消息传递软件。 PONTON X/P Messenger 3.11.2 之前存在安全漏洞。该漏洞源于上传的 ZIP 文件在 private/SchemaSetUpload.do 中存在路径遍历,攻击者可通过 imgs/*.jsp URI 在底层服务器上远程执行代码。
CVSS Information
N/A
Vulnerability Type
N/A