Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server-Side Request Forgery vulnerability in MESbook
Vulnerability Description
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST" or "/api/Proxy/Get?userName=&password=&uri=<ARCHIVO|URL INTERNA|IP/HOST" to read the source code of web files, read internal files or access network resources.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
MESbook 安全漏洞
Vulnerability Description
MESbook是MESbook公司的一个基于网络的系统。连接到工厂机器并将数据转换为信息以进行实时管理。 MESbook 20221021.03 版本存在安全漏洞。攻击者利用该漏洞可以读取Web文件的源代码。
CVSS Information
N/A
Vulnerability Type
N/A