漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie
Vulnerability Description
PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shell_exec() to execute system commands and retrieve sensitive information from the server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Simcy Creative PDF Signer 跨站请求伪造漏洞
Vulnerability Description
Simcy Creative PDF Signer是Simcy Creative公司的一款PDF文档签名与编辑软件。 Simcy Creative PDF Signer 3.0版本存在跨站请求伪造漏洞,该漏洞源于通过CSRF-TOKEN cookie参数注入PHP命令,可能导致未经身份验证的攻击者执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A