Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dumb Drop has an arbitrary file overwrite and path traversal for root shell
Vulnerability Description
Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's possible to inject malicious payloads into files ran on schedule or upon certain service actions. As the service is not required to run with authentication enabled, this may permit wholly unprivileged users root access. Otherwise, anybody with a PIN.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Dumb Drop 安全漏洞
Vulnerability Description
Dumb Drop是DumbWare开源的一个应用程序。 Dumb Drop存在安全漏洞,该漏洞源于路径遍历问题,允许有上传权限的用户覆盖任意系统文件,可能导致恶意代码注入。
CVSS Information
N/A
Vulnerability Type
N/A