Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Exact Synergy Enterprise 代码问题漏洞
Vulnerability Description
Exact Synergy Enterprise是荷兰Exact公司的一个处理所有业务流程并将其与 ERP 系统集成的平台。 Exact Synergy Enterprise 267 267SP13之前版本、Exact Synergy Enterprise 500 500SP6之前版本存在安全漏洞,该漏洞源于个人资料图片上传功能允许上传 SVG 图片,攻击者利用该漏洞可以使用任意 JavaScript 代码上传 SVG 图像,该文件将被应用程序接受并存储在应用程序的服务器上,在受害者浏览器的上下文中执行制
CVSS Information
N/A
Vulnerability Type
N/A