Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Perl Net::Ping::External extension 安全漏洞
Vulnerability Description
Perl是美国程序员拉里-沃尔(Larry Wall)所研发的一种免费且功能强大的跨平台编程语言。Net::Ping::External extension是其中的一个跨平台的Ping工具。 Perl Net::Ping::External extension 0.15及之前的版本中存在安全漏洞,该漏洞源于程序在使用External.pm文件中的backtick之前,没有正确的过滤带有shell元字符参数(例如:无效的主机名)。攻击者可利用该漏洞注入并执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A