Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incomplete Cleanup vulnerability in PMB platform
Vulnerability Description
Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimport_authorities’ endpoint. When a file is uploaded via this resource, the server will create a temporary file that will be deleted after the client sends a POST request to ‘/pmb/authorities/import/iimport_authorities’. This workflow is automated by the web client, however an attacker can trap and launch the second POST request to prevent the temporary file from being deleted.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
清理环节不完整
Vulnerability Title
PMB platform 安全漏洞
Vulnerability Description
PMB platform是PMB公司的一个免费的文档管理软件。 PMB platform 4.0.10版本至4.2.13版本存在安全漏洞,该漏洞源于允许攻击者在服务器上保留临时文件。
CVSS Information
N/A
Vulnerability Type
N/A