Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Acunetix Web Vulnerability Scanner AcuWVSSchedulerv10服务权限许可和访问控制问题漏洞
Vulnerability Description
Acunetix Web Vulnerability Scanner(WVS)是美国Acunetix公司的一款Web应用安全扫描器,它支持渗透测试、多线程扫描和客户端脚本分析等安全功能。 Acunetix WVS 10 build 20151125之前版本的AcuWVSSchedulerv10服务中存在安全漏洞,该漏洞源于api/addScan URI没有充分过滤params JSON对象的reporttemplate属性中的命令参数。本地攻击者可利用该漏洞获取权限。
CVSS Information
N/A
Vulnerability Type
N/A