Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CSNews Professional远程执行任意命令漏洞
Vulnerability Description
csNews Professional是一款基于WEB的新闻项目管理程序,运行在多种Unix和Linux系统下,也可运行在Microsoft Windows操作系统下。 csNews Professional对用户在URL的输入没有正确充分的过滤,可导致攻击者以Web进程的权限在目标系统上执行任意命令。 csNews Professional由于访问验证错误,任意用户可以在URL上提供PERL代码作为配置数据来写入到"setup.cgi"文件中,并在服务器上以Web进程的权限执行这些PERL代码。 注意用
CVSS Information
N/A
Vulnerability Type
N/A