Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup files allows an authenticated user to upload arbitrary files. The only condition is that the filename contains a .cbkf string. Therefore, webshell.cbkf.php is considered a valid file name for the C-MOR web application. Uploaded files are stored within the directory "/srv/www/backups" on the C-MOR system, and can thus be accessed via the URL https://<HOST>/backup/upload_<FILENAME>. Due to broken access control, low-privileged authenticated users can also use this file upload functionality.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
za-internet C-MOR Video Surveillance 安全漏洞
Vulnerability Description
za-internet C-MOR Video Surveillance是德国za-internet公司的一个网络视频监控系统。 za-internet C-MOR Video Surveillance 5.2401 版本存在安全漏洞,该漏洞源于输入验证不当,导致不受限制的文件上传。
CVSS Information
N/A
Vulnerability Type
N/A