CNNVD-202510-2271 Information
CNNVD ID
CNNVD-202510-2271
Related CVE
- CNNVD Published: 2025-10-15
Description (Chinese)
SmartBI是中国思迈特(SmartBI)公司的一个商业智能软件。 SmartBI V8版本、V9版本和V10版本存在安全漏洞,该漏洞源于RMIServlet请求处理逻辑中存在不受限制的文件上传,可能导致执行任意代码。
Description (English)
SmartBI is a business intelligence software for SmartBI in China. There is a security loophole in the SmartBI V8, V9 and V10 versions, which stems from the unrestricted uploading of documents in the RRIServlet processing logic, which may lead to the enforcement of arbitrary codes.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
思迈特
Published
2025-10-15
Last Modified
2026-02-24
References
https://jeyiuwai.pages.dev/posts/1day-%E8%B7%9F%E8%B8%AAsmartbi-rmiservlet-%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/ https://www.vulncheck.com/advisories/smartbi-rmiservlet-unrestricted-file-upload-rce https://www.smartbi.com.cn/patchinfo https://avd.aliyun.com/detail?id=AVD-2023-1673292 https://access.redhat.com/security/cve/cve-2023-7305
Share on: