Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RomM vulnerable to Authenticated Path Traversal
Vulnerability Description
RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone running the latest version of RomM and has multiple users, even unprivileged users, such as the kiosk user in the official implementation, may be affected. This allows the leakage of passwords and users that may be stored on the system. Versions 3.10.3 and 4.0.0-beta.3 contain a patch.
CVSS Information
N/A
Vulnerability Type
路径遍历:’dir/../filename’
Vulnerability Title
Romm 安全漏洞
Vulnerability Description
Romm是The RomM Project开源的一个只读存储器的管理器。 RomM 3.10.3之前版本和4.0.0-beta.3之前版本存在安全漏洞,该漏洞源于api/raw端点存在认证路径遍历,可能导致密码和用户信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A