Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Write leading up to remote code execution (instructor accounts)
Vulnerability Description
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
MarkUs 代码问题漏洞
Vulnerability Description
MarkUs是MarkUs开源的一个 Ruby on Rails 和 React web 应用程序,用于提交和评分学生作业。 MarkUs v2.4.8之前版本存在代码问题漏洞,该漏洞源于存在任意文件写入漏洞,允许经过身份验证的攻击者将任意文件写入服务器上的任何位置。
CVSS Information
N/A
Vulnerability Type
N/A