Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
QuickBox 操作系统命令注入漏洞
Vulnerability Description
QuickBox是QuickBox团队的一套媒体服务器应用程序和服务管理系统。该系统支持使用仪表板实现应用程序的安装和管理,使用户能够与媒体服务器进行交互。 QuickBox Community Edition 2.5.5及之前版本和Pro Edition 2.1.8及之前版本中存在安全漏洞。攻击者可利用该漏洞无需密码便可执行任意操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A