[原文]Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified doc_ext and id parameters, which might trick a user into downloading dangerous or unexpected content.
Hummingbird Collaboration contains a flaw triggered when a remote attacker uses a specially modified URL that changes the file name and type of a previously uploaded file. This may allow an attacker to disguise and trick a user into downloading an arbitrary file.
The vendor has discontinued this product and therefore has no patch or upgrade that mitigates this problem. It is recommended that an alternate software package be used in its place.