Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code. NOTE: this can be leveraged by remote attackers using CVE-2014-2579.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
XCloner Standalone 代码注入漏洞
Vulnerability Description
XCloner Standalone是罗马尼亚XCloner公司的一套备份和恢复软件。该软件对网站提供了备份和恢复功能。 XCloner Standalone 3.5及之前的版本中存在安全漏洞,当使用enable_db_backup和sql_mem时,远程攻击者可借助generate操作的‘dbbackup_comp’参数中的shell元字符利用该漏洞执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A