N/A

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of tiscript. When processing the System.Exec method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7234.

N/A

产品UI接口未警示用户不安全动作

Bitdefender SafePay 操作系统命令注入漏洞

Bitdefender SafePay是一款安全浏览器。 Bitdefender SafePay 23.0.11.44之前版本中存在操作系统命令注入漏洞。远程攻击者可利用该漏洞在当前进程的上下文中执行任意代码或造成拒绝服务。

N/A

N/A