Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Roxy-WI vulnerable to Limited Path Traversal in name parameter
Vulnerability Description
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the `/tmp` folder using a payload `../../../../../tmp/test111_dev`. This issue has been fixed in version 6.3.5.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Roxy-WI 路径遍历漏洞
Vulnerability Description
Roxy-WI是开源的一款用于管理 Haproxy、Nginx 和 Keepalived 服务器的 Web 界面。 Roxy-WI 6.3.5.0之前版本存在路径遍历漏洞,该漏洞源于SSH 密钥可以保存到一个意想不到的位置,例如 ../../../../../tmp/test111_dev 的 /tmp 文件夹。
CVSS Information
N/A
Vulnerability Type
N/A