CNNVD-202509-4343 Information
CNNVD ID
CNNVD-202509-4343
Related CVE
- CNNVD Published: 2025-09-29
Description (Chinese)
Vasion Print Virtual Appliance Host是美国Vasion公司的一个打印管理软件。 Vasion Print Virtual Appliance Host 25.1.102之前版本存在安全漏洞,该漏洞源于/var/www/app/console_release/hp/badgeSetup.php脚本未经验证即可访问,且未对用户控制参数进行白名单或验证,可能导致服务器端请求伪造攻击。
Description (English)
Vasion Print Virgin Application Host is a print management software for Vasion in the United States. The previous version of Vasion Print Universal Application 25.1.102 had a security loophole, which originated from/var/www/app/console release/hp/budgeSetup.php scripts that could be accessed without authentication and without white lists or verification of user control parameters, which could lead to a server-end request for a false attack.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Vasion
Published
2025-09-29
Last Modified
2026-02-24
References
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-ssrf-07 https://www.vulncheck.com/advisories/vasion-print-printerlogic-ssrf-via-hp-badgesetup-php-script
Patch
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
Share on: