🟠 《高危安全漏洞:CVE-2026-60114》

CVSS 评分: 高危(8.7)  状态: Undergoing Analysis  发布时间: 2026-07-14


漏洞描述

Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a path traversal vulnerability that allows attackers with access to the restore functionality to write files to arbitrary locations by uploading crafted JSON backup files with unvalidated keys used to construct file paths. Attackers can exploit the lack of key validation in the JSON restore process, combined with the absence of a required passphrase in the default configuration or the default passphrase 'opendoor', to write arbitrary JSON files outside the intended data directory.


🔍 技术细节

字段
CVE ID CVE-2026-60114
CVSS 评分 8.7 🟠
严重程度 高危
CVSS 向量 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE 分类 CWE-22
发布时间 2026-07-14
最后更新 2026-07-14
状态 Undergoing Analysis
数据来源 disclosure@vulncheck.com

🔗 参考链接