Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ISUCON5 qualifier 操作系统命令注入漏洞
Vulnerability Description
ISUCON5 qualifier是一套预选赛门户应用程序。 ISUCON5 qualifier commit 150e3e6d851acb31a0b15ce93380a7dab14203fa之前版本的eventapp/lib/gcloud.rb文件中存在命令注入漏洞,该漏洞源于程序使用不正确的popen调用。远程攻击者可借助带有shell元字符的HTTP请求利用该漏洞在Web服务器上下文中执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A