Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload
Vulnerability Description
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the attack is possible. The exploit is now public and may be used. Upgrading to version 6.10 mitigates this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Dataverse 代码问题漏洞
Vulnerability Description
Dataverse是Institute for Quantitative Social Science开源的一个研究数据管理与共享平台。 Dataverse 6.8及之前版本存在代码问题漏洞,该漏洞源于对文件/ThemeAndWidgets.xhtml中参数uploadLogo的操作,可能导致不受限制的上传。
CVSS Information
N/A
Vulnerability Type
N/A