Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Saltcorn has an Unauthenticated Path Traversal in sync endpoints allows arbitrary file write and directory read
Vulnerability Description
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content anywhere on the server filesystem. The GET /sync/upload_finished endpoint allows an unauthenticated attacker to list arbitrary directory contents and read specific JSON files. This vulnerability is fixed in 1.4.5, 1.5.5, and 1.6.0-beta.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Saltcorn 路径遍历漏洞
Vulnerability Description
Saltcorn是Saltcorn开源的一个可扩展的开源无代码数据库应用程序构建器。 Saltcorn 1.4.5之前版本、1.5.5之前版本和1.6.0-beta.4之前版本存在路径遍历漏洞,该漏洞源于POST /sync/offline_changes端点允许未经身份验证的攻击者在服务器文件系统上创建任意目录并写入受控的JSON文件,且GET /sync/upload_finished端点允许未经身份验证的攻击者列出任意目录内容和读取特定JSON文件。
CVSS Information
N/A
Vulnerability Type
N/A