Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kaifa Technology WebITR - Arbitrary File Upload
Vulnerability Description
Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Kaifa Technology WebITR 安全漏洞
Vulnerability Description
凯发科技 Kaifa Technology WebITR是中国凯发科技公司的一款在线考勤系统。 Kaifa Technology WebITR 2_1_0_23版本存在安全漏洞,该漏洞源于文件上传功能不限制危险类型文件的上传,远程攻击者利用该漏洞可以上传任意文件以执行任意命令或中断服务。
CVSS Information
N/A
Vulnerability Type
N/A