Vulnerability Information
Vulnerability Title
Bludit 3.13.1 Authenticated Arbitrary File Download via Backup Plugin
Vulnerability Description
Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through directory traversal.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Improper Limitation of a Pathname (Path Traversal)
Vulnerability Title
Bludit Path Traversal Vulnerability
Vulnerability Description
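Bludit is an open-source, lightweight blog content management system (CMS) from Bludit. Bludit versions before 3.13.1 contain a path traversal vulnerability that stems from improper handling of the file path parameter in the Backup Plugin and may lead to arbitrary file download.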
CVSS Information
N/A
Vulnerability Type
N/A