Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Multiple vulnerabilities on Meta4 HR from Cegid
Vulnerability Description
An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via '/config/espanol/update_password.jsp' file. Modifying the 'M4_NEW_PASSWORD' parameter, an attacker could store a malicious JSP file inside the file directory, to be executed the the file is loaded in the application.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Meta4 HR 代码问题漏洞
Vulnerability Description
Cegid Meta4 HR是Cegid公司的一个人力资源管理软件(HRM)平台。 Meta4 HR 819.001.022及之前版本存在代码问题漏洞,该漏洞源于文件/config/espanol/update_password.jsp存在文件上传漏洞。
CVSS Information
N/A
Vulnerability Type
N/A