Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Jinan Chicheng Company JFlow Attachment EntityMutliFile_Load.do AttachmentUploadController access control
Vulnerability Description
A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic. This issue affects the function AttachmentUploadController of the file /WF/Ath/EntityMutliFile_Load.do of the component Attachment Handler. The manipulation of the argument oid leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Chicheng JFLow 访问控制错误漏洞
Vulnerability Description
Chicheng JFLow是中国驰骋(Chicheng)公司的一个工作流引擎表单。 Chicheng JFLow 2.0.0版本存在访问控制错误漏洞,该漏洞源于文件/WF/Ath/EntityMutliFile_Load.do的参数oid会导致访问控制不当。
CVSS Information
N/A
Vulnerability Type
N/A