Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-7806

EPSS 0.76% · P73
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-7806

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Schneider Electric StruxureWare Data Center Operation 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Schneider Electric StruxureWare Data Center Operation是法国施耐德电气(Schneider Electric)公司的一套数据中心运营软件。该软件通过库存管理、PUE计算、实时设备警报和基于位置的深入分析,对数据中心操作进行即时概览。 Schneider Electric StruxureWare Data Center Operation中存在安全漏洞。攻击者可借助恶意制作的文件利用该漏洞将任意文件上传到目标目录之外的服务器文件系统上。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Schneider Electric SEData Center Operation all versions Data Center Operation all versions -

II. Public POCs for CVE-2018-7806

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2018-7806

登录查看更多情报信息。

Same Patch Batch · Schneider Electric SE · 2018-11-30 · 7 CVEs total

CVE-2018-7807Schneider Electric StruxureWare Data Center Expert 安全漏洞
CVE-2018-7809多款Schneider Electric产品安全漏洞
CVE-2018-7810多款Schneider Electric产品跨站脚本漏洞
CVE-2018-7811多款Schneider Electric产品安全漏洞
CVE-2018-7830多款Schneider Electric产品安全漏洞
CVE-2018-7831多款Schneider Electric产品跨站脚本漏洞

IV. Related Vulnerabilities

Same vendor: Schneider Electric SE

V. Comments for CVE-2018-7806

No comments yet

Leave a comment