Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bottinelli Informatical Vedo Suite 安全漏洞
Vulnerability Description
Bottinelli Informatical Vedo Suite是意大利Bottinelli Informatica公司的一款面向纺织与设计行业的企业软件套件。 Bottinelli Informatical Vedo Suite 2024.17版本存在安全漏洞,该漏洞源于不安全的uploadPreviews函数可能导致任意文件上传和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A