PT-2023-20211 · Unknown · Zxcloud Irai
Publicado
2023-12-14
·
Atualizado
2023-12-19
·
CVE-2023-25650
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ZXCLOUD iRAI (affected versions not specified)
Description
There is an issue where an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads. This is due to the backend not escaping special strings or restricting paths.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Zxcloud Irai