Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file or folder as a relative or absolute path (e.g., ../../../etc/passwd), the ZIP archive generated for download converts that title into a path. Depending on the extraction tool used by the user, this might overwrite files locally outside of the chosen directory.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
Vulnerability Type
路径遍历:’../filedir’
Vulnerability Title
OpenSlides 安全漏洞
Vulnerability Description
OpenSlides是OpenSlides开源的一个免费的、基于网络的演示和集会系统。用于管理和投影集会的议程、动议和选举。 OpenSlides 4.2.5之前版本存在安全漏洞,该漏洞源于文件上传功能中的目录遍历问题,可能导致本地文件被覆盖。
CVSS Information
N/A
Vulnerability Type
N/A