Vulnerability Information
Vulnerability Title
Unrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server
Vulnerability Description
Nextcloud server is an open source home cloud implementation. In affected versions, admins of a server were able to upload a logo or a favicon and to provide a file name which was not restricted and could overwrite files in the appdata directory. Administrators may have access to overwrite these files by other means, but this method could be exploited by tricking an admin into uploading a maliciously named file. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should avoid ingesting logo files from untrusted sources.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L
Vulnerability Type
Improper limitation of a pathname (path traversal)
Vulnerability Title
Nextcloud code issue vulnerability
Vulnerability Description
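Nextcloud is an open source, self-hosted file sync and share communication application platform from Nextcloud, a German company. Nextcloud server has a code issue vulnerability, which stems from the ability to control the file name when uploading a favicon as an administrator in the theming settings. Affected products and versions: Nextcloud server 24.0.x versions before 24.0.10, and 25.0.x versions before 25.0.4.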
CVSS Information
N/A
Vulnerability Type
N/A