Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote code execution in Message sending functionality in IntelMQ Manager
Vulnerability Description
IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with the privileges of the webserver. Version 2.1.1 fixes the vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
IntelMQ Manager Monitor组件操作系统命令注入漏洞
Vulnerability Description
IntelMQ Manager是一款用于管理IntelMQ框架的配置的图形界面。 IntelMQ Manager 1.1.0及之后版本(2.1.1版本已修复)中的Monitor组件的Inspect-tool的‘send’功能存在操作系统命令注入漏洞,该漏洞源于后端没有正确处理用户输入所提供的消息。攻击者可利用该漏洞以借助webserver权限执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A