Vulnerability Information
Vulnerability Title
Path Traversal via 'Upload-Key' in SmartEMS Upload Handling
Vulnerability Description
The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write and may be leveraged to achieve remote code execution.
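As a defensive illustration of the flaw class described above, the following added example (not code from Welotec or SmartEMS) contrasts joining a header value unchecked with an allowlist check followed by a containment check after path resolution. The token format, the function names and the upload root are assumptions made for the example.

```python
import os
import re
import tempfile

# Assumed key format for this example: an opaque token with no dots or separators.
KEY_RE = re.compile(r"[A-Za-z0-9_-]{8,64}")

def naive_upload_path(root, upload_key):
    """The unsafe pattern: the header value is joined to the root unchecked."""
    return os.path.normpath(os.path.join(root, upload_key))

def is_inside(root, path):
    """True if path, after symlink resolution, is the root or lies below it."""
    root_real = os.path.realpath(root)
    return os.path.commonpath([root_real, os.path.realpath(path)]) == root_real

def safe_upload_path(root, upload_key):
    """Return a path for the key that is guaranteed to stay under root."""
    # 1. Allowlist: reject anything that is not a plain token.
    if not isinstance(upload_key, str) or not KEY_RE.fullmatch(upload_key):
        raise ValueError("Upload-Key rejected: not an allowed token")
    candidate = os.path.join(os.path.realpath(root), upload_key)
    # 2. Defence in depth: a symlink under root must not lead outside it.
    if not is_inside(root, candidate):
        raise ValueError("Upload-Key rejected: resolves outside upload root")
    return os.path.realpath(candidate)

def classify(root, keys):
    """Map each header value to 'accepted' or 'rejected'."""
    results = {}
    for key in keys:
        try:
            safe_upload_path(root, key)
            results[key] = "accepted"
        except ValueError:
            results[key] = "rejected"
    return results

# Constructed sample header values, not taken from any real request.
SAMPLE_KEYS = ["a1b2c3d4e5f6", "../../outside", "/absolute/elsewhere", "ok/../../x", ""]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for key, verdict in classify(root, SAMPLE_KEYS).items():
            naive_ok = is_inside(root, naive_upload_path(root, key))
            print(f"{key!r:24} hardened={verdict:9} naive_stays_inside={naive_ok}")
```

The containment check matters even with the allowlist in place, because a symlink already present under the upload root can pass the token check and still resolve elsewhere.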
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerability Title
Welotec SmartEMS Web Application Path Traversal Vulnerability
Vulnerability Description
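Welotec SmartEMS Web Application is a web-based application with energy management and monitoring functions from the German company Welotec. Welotec SmartEMS Web Application contains a path traversal vulnerability that stems from insufficient validation in the upload endpoint and may lead to arbitrary file write and remote code execution.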
CVSS Information
N/A
Vulnerability Type
N/A