Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
NAS4Free Authenticated User 远程任意PHP代码执行漏洞
Vulnerability Description
NAS4Free是一套开源的网络存储系统(NAS)。该系统提供软件RAID(将多个磁盘合并为单个RAID)、磁盘加密等功能。 NAS4Free 9.1.0.1.804及之前的版本中存在远程代码执行漏洞。远程攻击者可通过发送包含恶意PHP文件的请求利用该漏洞执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A