Vulnerability Information
Vulnerability Title
NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality
Vulnerability Description
NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, a path traversal vulnerability in the propose_edits endpoint allows unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn). By supplying unsanitized file keys containing traversal sequences (e.g., ../../) in the JSON payload, an attacker can escape the intended temporary directory and replace public-facing images or fill the server's storage. This issue has been patched via commit 86f34c7.
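The class of check that closes this kind of bug, as an added example in Rust; it is not NavigaTUM's code and not the fix from commit 86f34c7. The function names, the temporary directory and the sample keys are constructed for illustration, and the check is lexical only (it does not resolve symlinks).

```rust
use std::path::{Component, Path, PathBuf};

// Constructed sample keys, as they might appear in a JSON edit payload.
const SAMPLE_KEYS: [&str; 6] = [
    "images/room.webp",
    "../../cdn/lg/room.webp",
    "/cdn/lg/room.webp",
    "images/../../escape.webp",
    "./room.webp",
    "",
];

/// Hypothetical helper: map a client-supplied file key to a path inside
/// `base`, or return None if the key could resolve anywhere else.
fn resolve_key(base: &Path, key: &str) -> Option<PathBuf> {
    // Reject empty keys, NUL bytes and backslashes (Windows separators).
    if key.is_empty() || key.contains('\0') || key.contains('\\') {
        return None;
    }
    let rel = Path::new(key);
    // Allow only plain name components: no `..`, leading `.`, or root.
    // An absolute key matters because Path::join would discard `base`.
    if !rel.components().all(|c| matches!(c, Component::Normal(_))) {
        return None;
    }
    let joined = base.join(rel);
    // Defence in depth: the result must still sit under `base`.
    joined.starts_with(base).then_some(joined)
}

/// Split keys into resolved paths and rejected keys (worth logging).
fn partition_keys<'a>(base: &Path, keys: &[&'a str]) -> (Vec<PathBuf>, Vec<&'a str>) {
    let mut accepted = Vec::new();
    let mut rejected = Vec::new();
    for &key in keys {
        match resolve_key(base, key) {
            Some(path) => accepted.push(path),
            None => rejected.push(key),
        }
    }
    (accepted, rejected)
}

fn main() {
    // Hypothetical temporary directory for one edit proposal.
    let base = Path::new("/tmp/propose-edit-0001");
    let (accepted, rejected) = partition_keys(base, &SAMPLE_KEYS);
    println!("accepted: {accepted:?}");
    println!("rejected: {rejected:?}");
}
```

Rejecting the whole request when any key is refused, rather than silently skipping it, keeps a partially written edit from landing on disk.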
CVSS Information
N/A
Vulnerability Type
Relative Path Traversal
Vulnerability Title
NavigaTUM Security Vulnerability
Vulnerability Description
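NavigaTUM is an open-source navigation tool from TUM Developers. Versions of NavigaTUM prior to 86f34c7 contain a security vulnerability that stems from the propose_edits endpoint not sanitizing file paths, which may lead to path traversal and file overwrite.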
CVSS Information
N/A
Vulnerability Type
N/A