Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SmartStar Software CWS Web-Base - Arbitrary File Upload
Vulnerability Description
SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
SmartStar Software CWS 代码问题漏洞
Vulnerability Description
SmartStar Software CWS是中国庆捷星资讯(SmartStar Software)公司的一个基于Web的集成平台。 SmartStar Software CWS v10.25版本存在代码问题漏洞,该漏洞源于文件上传功能不限制危险类型文件的上传,远程攻击者利用该漏洞可以上传任意文件以执行任意命令或中断服务。
CVSS Information
N/A
Vulnerability Type
N/A