Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
qwdigital LinkWechat Universal Download Interface resource path traversal
Vulnerability Description
A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been classified as problematic. This affects an unknown part of the file /linkwechat-api/common/download/resource of the component Universal Download Interface. The manipulation of the argument name with the input /profile/../../../../../etc/passwd leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252033 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
路径遍历:’../filedir’
Vulnerability Title
LinkWeChat 安全漏洞
Vulnerability Description
LinkWeChat是基于企业微信的开源 SCRM 系统。 LinkWeChat 5.1.0版本存在安全漏洞,该漏洞源于文件/linkwechat-api/common/download/resource的参数name会导致路径遍历。
CVSS Information
N/A
Vulnerability Type
N/A