Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to the wordtrans.php script.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
wordtrans-web远程命令执行和跨站脚本执行漏洞
Vulnerability Description
wordtrans-web是一款基于WEB的多语言字典查询工具,可使用在Linux和其他多种Unix操作系统下。 wordtrans-web对用户提交的输入缺少过滤,远程攻击者可以利用这个漏洞进行跨站脚本攻击和以WEB进程权限在系统上执行任意命令。 wordtrans-web中的wordtrans.php脚本对用户提交的查询参数缺少过滤,远程攻击者可以提交包含恶意脚本代码或者使用元字符的任意系统命令的数据作为查询参数,提交给wordtrans.php脚本解析,可导致以WEB进程权限在系统上执行任意命令,或
CVSS Information
N/A
Vulnerability Type
N/A