Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Huijietong Cloud Video Platform fileDownload Arbitrary File Read
Vulnerability Description
Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker can supply arbitrary file paths to the `fullPath` parameter of the `/fileDownload?action=downloadBackupFile` endpoint and retrieve files from the server filesystem. VulnCheck has observed this vulnerability being exploited in the wild.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
HuiJieTong Cloud Video Platform 安全漏洞
Vulnerability Description
HuiJieTong Cloud Video Platform是中国慧捷通(HuiJieTong)公司的一个云视频平台。 HuiJieTong Cloud Video Platform存在安全漏洞,该漏洞源于未经验证的攻击者可向/fileDownload?action=downloadBackupFile端点的fullPath参数提供任意文件路径,可能导致路径遍历攻击。
CVSS Information
N/A
Vulnerability Type
N/A