漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal
Vulnerability Description
A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
sonic-server 安全漏洞
Vulnerability Description
sonic-server是Sonic Cloud Org开源的一个移动设备远程调试与自动化测试平台。 sonic-server 2.0.0及之前版本存在安全漏洞,该漏洞源于对文件FileTool.java中File Upload Endpoint组件Upload函数的参数Type操作不当,可能导致路径遍历攻击。
CVSS Information
N/A
Vulnerability Type
N/A