Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
diyhi bbs API ForumManageAction.java add path traversal
Vulnerability Description
A vulnerability classified as critical has been found in diyhi bbs 6.8. Affected is the function Add of the file /src/main/java/cms/web/action/template/ForumManageAction.java of the component API. The manipulation of the argument dirName leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
diyhi bbs 路径遍历漏洞
Vulnerability Description
diyhi bbs(巡云轻论坛系统)是中国的一个开源项目,采用JAVA+MYSQL架构,自适应手机端和电脑端,界面简洁,性能高效。 diyhi bbs 6.8版本存在路径遍历漏洞,该漏洞源于组件API的文件/src/main/java/cms/web/action/template/ForumManageAction.java中参数dirName的错误操作导致路径遍历。
CVSS Information
N/A
Vulnerability Type
N/A