Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tsinghua Unigroup Electronic Archives System downLoad download path traversal
Vulnerability Description
A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Performing a manipulation of the argument path results in path traversal. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Tsinghua Unigroup Electronic Archives System 路径遍历漏洞
Vulnerability Description
Tsinghua Unigroup Electronic Archives System是中国新紫光集团(Tsinghua Unigroup)公司的一个电子档案管理系统。 Tsinghua Unigroup Electronic Archives System 3.2.210802(62532)版本存在路径遍历漏洞,该漏洞源于对文件/Search/Subject/downLoad中参数path的错误操作,可能导致路径遍历。
CVSS Information
N/A
Vulnerability Type
N/A