Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path Traversal vulnerability on Scriptcase
Vulnerability Description
Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass SecurityManager's intended restrictions and list and/or read a parent directory via a “/...” or directly into a path used in the POST parameter “field_file” by a web application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Scriptcase 路径遍历漏洞
Vulnerability Description
Scriptcase是Scriptcase公司的一种用于快速应用程序开发的低代码平台。 Scriptcase 9.4.019版本存在路径遍历漏洞,该漏洞源于参数处理不当,允许未经身份验证的远程用户绕过SecurityManager的预期限制,并浏览和读取父目录。
CVSS Information
N/A
Vulnerability Type
N/A