Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail
Vulnerability Description
An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
文件和路径信息暴露
Vulnerability Title
BVRP Software Avanquest Software SLmail 安全漏洞
Vulnerability Description
BVRP Software Avanquest Software SLmail(BVRP Software SLmail)是法国BVRP Software公司的一个电子邮件服务器解决方案。 BVRP Software Avanquest Software SLmail 5.5.0.4433版本存在安全漏洞,该漏洞源于只需在末尾附加某些参数(%00 %0a、%20、%2a、%a0、%aa、%c0、%ca)即可检索存储在服务器上的凭证文件、配置文件、应用程序文件等。
CVSS Information
N/A
Vulnerability Type
N/A