Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users’ file content
Vulnerability Description
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versiosn 2.3.7 through 3.10.0, the file snippet endpoint `/api/file/snippet.php` allows an authenticated user with only `read_own` access to a folder to retrieve snippet content from files uploaded by other users in the same folder. This is a server-side authorization flaw in the `read_own` enforcement for hover previews. Version 3.11.0 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
FileRise 安全漏洞
Vulnerability Description
FileRise是Ryan个人开发者的一个轻量级、自托管的基于web的文件管理器。 FileRise 3.10.0及之前版本存在安全漏洞,该漏洞源于服务器端授权缺陷,可能导致用户读取同一文件夹中其他用户的文件片段。
CVSS Information
N/A
Vulnerability Type
N/A