漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Command injection via specially crafted file name during config file upload
Vulnerability Description
Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Eaton Intelligent Power Manager 输入验证错误漏洞
Vulnerability Description
Eaton Intelligent Power Manager(IPM)是美国Eaton公司的一款智能电源管理器,它支持从界面远程监视和管理网络中的多个设备。 Eaton IPM 1.67及之前版本中存在输入验证错误漏洞,该漏洞源于程序没有正确验证配置文件的名称。攻击者可借助特制文件名利用该漏洞注入命令或执行代码。
CVSS Information
N/A
Vulnerability Type
N/A