Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Upload in MCO
Vulnerability Description
MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
MyComplianceOffice MCO 任意文件上传漏洞
Vulnerability Description
MyComplianceOffice MCO是MyComplianceOffice公司的一款合规与风险管理软件。 MyComplianceOffice MCO 25.3.3.1版本存在任意文件上传漏洞,该漏洞源于未正确验证上传文件类型,且文件上传验证功能仅依赖客户端检查,可被绕过,导致授权后的低权限攻击者可将任意类型文件上传至服务器。
CVSS Information
N/A
Vulnerability Type
N/A