Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Rocket TRUfusion Enterprise 安全漏洞
Vulnerability Description
Rocket TRUfusion Enterprise是美国Rocket公司的一个产品生命周期管理平台。 Rocket TRUfusion Enterprise 7.10.5及之前版本存在安全漏洞,该漏洞源于对jobDirectory参数清理不当,可能导致路径遍历,进而将文件写入任意本地文件系统位置,并可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A