Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FileRise affected by an Unauthenticated File Read Due to Insufficient Access Control
Vulnerability Description
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or can guess the file path, without requiring authentication. As a result, sensitive data could be exposed, and privacy may be breached. This vulnerability is fixed in 3.3.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
FileRise 安全漏洞
Vulnerability Description
FileRise是Ryan个人开发者的一个轻量级、自托管的基于web的文件管理器。 FileRise 3.3.0之前版本存在安全漏洞,该漏洞源于/uploads目录访问控制缺失,可能导致未经验证的文件读取和数据泄露。
CVSS Information
N/A
Vulnerability Type
N/A