漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
ContentKeeper Web Appliance < 125.10 RCE via mimencode
Vulnerability Description
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as the Apache user. Additionally, the exploit can optionally escalate privileges by abusing insecure PATH usage in the benetool binary, resulting in root-level access if successful.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
ContentKeeper Web Appliance 安全漏洞
Vulnerability Description
ContentKeeper Web Appliance是澳大利亚ContentKeeper公司的一个网络内容过滤与安全网关设备。 ContentKeeper Web Appliance 125.10之前版本存在安全漏洞,该漏洞源于mimencode CGI工具对文件上传处理不当,可能导致远程命令执行和权限提升。
CVSS Information
N/A
Vulnerability Type
N/A