Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as "admin", then to modify specific shell file to achieve remote code execution(RCE) on the hosting server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Raysync 代码注入漏洞
Vulnerability Description
Raysync是中国Raysync公司的一个用于高速传输文件的软件。该软件具有轻量型的Web访问页面,支持部门和团队之间的文件传输交互。可以快速共享和分发文件,并且还支持远程文件协作。 Raysync below 3.3.3.8 存在代码注入漏洞,未经身份验证的未经授权的攻击者可利用该漏洞发送一个特别精心设计的请求,用恶意内容覆盖服务器中的特定文件,可以以“admin”身份登录,然后修改特定的shell文件,以实现宿主服务器上的远程代码执行(RCE)。
CVSS Information
N/A
Vulnerability Type
N/A