Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WebTester 5.x install2.php Unauthenticated Command Execution
Vulnerability Description
An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell commands without sanitization. A remote unauthenticated attacker can exploit this flaw by sending a crafted HTTP POST request, resulting in arbitrary command execution on the underlying system with web server privileges.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Eppler Software WebTester 安全漏洞
Vulnerability Description
Eppler Software WebTester是Eppler Software公司的一款在线考试与测验平台。 Eppler Software WebTester 5.x版本存在安全漏洞,该漏洞源于install2.php脚本未清理用户输入,可能导致远程命令执行。
CVSS Information
N/A
Vulnerability Type
N/A