Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation
Vulnerability Description
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload controls in the asset manager.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
InnovaStudio WYSIWYG Editor 代码问题漏洞
Vulnerability Description
InnovaStudio WYSIWYG Editor是美国InnovaStudio公司的一个富文本编辑器。 InnovaStudio WYSIWYG Editor 5.4版本存在代码问题漏洞,该漏洞源于文件上传限制绕过,可能导致上传恶意文件。
CVSS Information
N/A
Vulnerability Type
N/A