Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local File Inclusion in the File Upload/Download Process
Vulnerability Description
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled path is returned. Due to the application's ASP.NET architecture, this could potentially lead to remote code execution when the "web.config" file is obtained. Furthermore, the application resolves UNC paths which may enable NTLM-relaying attacks. This issue affects VertiGIS FM: 10.5.00119 (0d29d428).
CVSS Information
N/A
Vulnerability Type
资源在另一范围的外部可控制索引
Vulnerability Title
VertiGIS FM 安全漏洞
Vulnerability Description
VertiGIS FM是VertiGIS公司的一款结合地理信息的设施与资产管理平台。 VertiGIS FM 10.5.00119版本存在安全漏洞,该漏洞源于上传/下载流程中的本地文件包含,可能导致经过身份验证的攻击者读取服务器上的任意文件,并可能引发远程代码执行或NTLM中继攻击。
CVSS Information
N/A
Vulnerability Type
N/A