Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution in Red Discord Bot
Vulnerability Description
In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed on version 3.3.11.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Red Discord Bot 代码注入漏洞
Vulnerability Description
Red Discord Bot3.3.11之前的版本中,在Trivia模块中发现了RCE漏洞利用:此漏洞允许具有特制用户名的Discord用户将代码注入Trivia模块的页首横幅命令中。通过滥用此漏洞,可以执行破坏性操作和/或访问敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A