Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Openfiler v2.x NetworkCard Command Execution
Vulnerability Description
Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec() with unsanitized input. An authenticated attacker can exploit this to execute arbitrary commands as the openfiler user. Due to misconfigured sudoers, the openfiler user can escalate privileges to root via sudo /bin/bash without a password.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Openfiler 安全漏洞
Vulnerability Description
Openfiler是提供了一种部署和管理网络存储的简单方法。 Openfiler 2.x版本存在安全漏洞,该漏洞源于device参数未经验证直接传递给exec函数,可能导致远程代码执行和权限提升。
CVSS Information
N/A
Vulnerability Type
N/A