Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenSupports 安全漏洞
Vulnerability Description
OpenSupports是一款简单的开源的票务平台。 OpenSupports v4.11.0版本存在安全漏洞,该漏洞源于攻击者可以通过注释绕过安全限制并上传 .bat 文件,攻击者利用该漏洞能够执行任意代码或建立反向 shell。
CVSS Information
N/A
Vulnerability Type
N/A