Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload process. This API call receives two input parameters, such as path and localPath. The first one refers to the temporary file with an absolute path without validating it. Attackers may modify this API call by referring to arbitrary files. As a result, arbitrary files can be moved to the files directory and so they can be downloaded.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Headwind MDM 安全漏洞
Vulnerability Description
Headwind MDM是一款用于管理企业中Android设备的平台。 Headwind MDM Web panel 5.22.1版本存在安全漏洞。攻击者利用该漏洞可以读取运行应用程序的服务器上的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A