Cccccccti

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture Storage Service. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Nome do Software Vulnerável e Versões Afetadas HummerRisk versões até 1.5.0 Descrição Uma falsificação de solicitação do lado do servidor existe no componente Video File Download URL Handler. A manipulação do argumento `streamIp` na função `ServerService.addServer()` dentro do arquivo `ServerService.java` permite que um invasor remoto realize essa ação. Recomendações No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.