Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
eScan 5.5-2 Web Management Console Command Injection
Vulnerability Description
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid username to inject arbitrary commands via a specially crafted password value. Successful exploitation results in remote code execution. Privilege escalation to root is possible by abusing the runasroot utility with mwconf-level privileges.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
eScan Web Management Console 安全漏洞
Vulnerability Description
eScan Web Management Console是印度eScan公司的一个控制面板软件。 eScan Web Management Console 5.5-2版本存在安全漏洞,该漏洞源于pass参数未正确清理,可能导致命令注入和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A