Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Citrix Systems NetScaler Nitro API 跨站请求伪造漏洞
Vulnerability Description
Citrix Systems NetScaler是美国思杰系统(Citrix Systems)公司的一款多功能Web应用交付控制器,它可用于优化、保护并控制所有企业和云服务的交付。 Citrix Systems NetScaler 10.5版本的Nitro API中存在跨站请求伪造漏洞,该漏洞源于nitro/v1/config/xen_hotfix URI没有充分过滤params/xen_hotfix/0 URI中的‘file_name’参数。远程攻击者可借助shell元字符利用该漏洞以‘nsroot’权
CVSS Information
N/A
Vulnerability Type
N/A