Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
UnForm Server < 10.1.15 Doc Flow Unauthenticated File Read
Vulnerability Description
UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so without enforcing authentication or restricting path inputs. As a result, an unauthenticated remote attacker can supply local filesystem paths to read arbitrary files accessible to the service account. On Windows deployments, providing a UNC path can also coerce the server into initiating outbound SMB authentication, potentially exposing NTLM credentials for offline cracking or relay. This issue may lead to sensitive information disclosure and, in some environments, enable further lateral movement.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Synergetic Data Systems UnForm Server 安全漏洞
Vulnerability Description
Synergetic Data Systems UnForm Server是美国Synergetic Data Systems公司的一个文档管理和打印归档服务器软件。 Synergetic Data Systems UnForm Server 10.1.15之前版本存在安全漏洞,该漏洞源于Doc Flow模块arc端点未经验证的文件读取和SMB强制漏洞,可能导致任意文件读取和NTLM凭据泄露。
CVSS Information
N/A
Vulnerability Type
N/A