Sinapsi eSolar OS Command Injection

These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating system.

N/A

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Sinapsi eSolar 任意命令执行漏洞

Sinapsi eSolar Light是意大利Sinapsi公司的一套在太阳能应用程序内使用的监控系统。 Sinapsi eSolar Light Photovoltaic System Monitor (又名Schneider Electric Ezylog photovoltaic SCADA管理服务器)，Sinapsi eSolar，Sinapsi eSolar DUO固件2.0.2870_2.2.12之前的版本中的ping.php脚本中存在漏洞。远程攻击者可通过ip_dominio参数中的she

N/A

N/A