Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Synology Calendar 路径遍历漏洞
Vulnerability Description
Synology Calendar是中国台湾群晖科技(Synology)公司的一款运行在Synology NAS(网络存储服务器)设备上的文件保护程序。 Synology Calendar 2.3.4-0631之前版本存在路径遍历漏洞,该漏洞源于对受限目录的路径名的不当限制,攻击者可以利用该漏洞通过未指定的向量下载任意文件。
CVSS Information
N/A
Vulnerability Type
N/A