漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9716.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
CentOS Web Panel 操作系统命令注入漏洞
Vulnerability Description
CentOS Web Panel(CWP)是一款免费的虚拟主机控制面板。 CentOS Web Panel cwp-el7-0.9.8.891版本中的ajax_crons.php文件存在操作系统命令注入漏洞,该漏洞源于在执行系统调用之前未正确验证用户提供的字符串。攻击者可利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A