Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OroPlatform vulnerable to path traversal during temporary file manipulations
Vulnerability Description
OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
OroPlatform 路径遍历漏洞
Vulnerability Description
OroPlatform是一个 PHP 业务应用程序平台 (BAP),旨在使自定义业务应用程序的开发更容易、更快。 OroPlatform 5.0.9之前版本存在路径遍历漏洞,该漏洞源于存在路径遍历漏洞,攻击者可以将路径传递给不存在的文件,将内容写入新文件。
CVSS Information
N/A
Vulnerability Type
N/A