Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload
Vulnerability Description
Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute arbitrary commands by sending POST requests to the uploaded JSP endpoint.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Compuware iStrobe Web 代码问题漏洞
Vulnerability Description
Compuware iStrobe Web是美国Compuware公司的一个大型机性能分析和优化工具。 Compuware iStrobe Web 20.13版本存在代码问题漏洞,该漏洞源于文件上传表单中存在路径遍历,可能导致上传JSP webshell并执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A