Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM DB2 XML函数文件建立漏洞
Vulnerability Description
IBM DB2是美国IBM公司的一套关系型数据库管理系统。该系统的执行环境主要有UNIX、Linux、IBM i、z/OS以及Windows服务器版本。 IBM DB2 4个XML函数可用于在系统上读取和写文件,远程攻击者可以利用这个漏洞提升特权,执行任意命令。 XMLFileFromVarchar和XMLFileFromClob函数可用于在服务器上建立任意文件,如果文件存在,那么旧的将被覆盖,此漏洞可用于攻击者在服务器上建立一个库并通过"CALL"装载。XMLVarcharFromFile和XMLClo
CVSS Information
N/A
Vulnerability Type
N/A