Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Vocera Report Server 路径遍历漏洞
Vulnerability Description
Vocera Report Server是美国Vocera公司的一个报表应用程序。用于从 Vocera 系统软件创建的数据日志中收集数据并构建报告。 Vocera Report Server 和 Voice Server 5.x - 5.8 版本存在安全漏洞,该漏洞源于 Vocera Report Console 包含一个 websocket 函数,允许从 ZIP 存档文件中恢复数据库,该 ZIP 存档文件期望一个 SQL 导入文件。在解压操作中,代码从 ZIP 存档文件中获取文件路径,并将它们写入到 V
CVSS Information
N/A
Vulnerability Type
N/A