漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Path Disclosure and Path Traversal in MCO
Vulnerability Description
MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
MyComplianceOffice MCO 信息泄露漏洞
Vulnerability Description
MyComplianceOffice MCO是MyComplianceOffice公司的一款合规与风险管理软件。 MyComplianceOffice MCO 25.3.3.1版本存在安全漏洞,该漏洞源于文件处理功能对filename参数验证不当,允许写入任意位置文件以及通过错误消息间接泄露绝对服务器路径,容易受到路径遍历和路径泄露攻击。
CVSS Information
N/A
Vulnerability Type
N/A