Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
M-Files Web Companion allows Remote Code Execution for some filetypes
Vulnerability Description
Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
M-Files Web 代码问题漏洞
Vulnerability Description
M-Files Web是美国M-Files公司的一个智能信息管理平台。用于优化支持用户日常工作。 M-Files Web 23.10 之前版本存在代码问题漏洞,该漏洞源于黑名单不足,允许通过特定文件类型进行远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A