Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating systems.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Stimulsoft 安全漏洞
Vulnerability Description
Stimulsoft(Stimulsoft Reports)是Stimulsoft公司的一套出色的 .NET 平台报告组件。用于在 JavaScript 应用程序中处理报告。 Stimulsoft 存在安全漏洞,该漏洞源于一旦攻击者反编译Stimulsoft.report.dll,攻击者就能够解密存储在mrt文件中的任何连接字符串。
CVSS Information
N/A
Vulnerability Type
N/A