Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write
Vulnerability Description
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipulating the file path parameter.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
Emoji for NodeBB 安全漏洞
Vulnerability Description
Emoji for NodeBB是NodeBB开源的一个表情符号插件。 Emoji for NodeBB 3.2.1版本存在安全漏洞,该漏洞源于通过表情符号上传API存在任意文件写入,可能导致覆盖系统文件。
CVSS Information
N/A
Vulnerability Type
N/A