Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
iWT FaceSentry Access Control System 操作系统命令注入漏洞
Vulnerability Description
iWT FaceSentry Access Control System是iWT开源的一个应用软件。提供一个访问控制功能。 iWT FaceSentry Access Control System 6.4.8 存在操作系统命令注入漏洞,该漏洞允许使用默认凭据的经过身份验证的OS命令注入。可以利用它通过pingTest PHP脚本中的strInIP这个POST参数以root用户身份注入并执行任意shell命令。
CVSS Information
N/A
Vulnerability Type
N/A