Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sage X3 Syracuse Missing Authentication for Critical Function in Developer Environment
Vulnerability Description
Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Sage Group Sage X3 操作系统命令注入漏洞
Vulnerability Description
Sage Group Sage X3是Sage Group公司的一个应用软件。针对成熟企业开发的企业资源规划产品。 Sage Group Sage X3 存在操作系统命令注入漏洞,具有开发人员访问权限的经过身份验证的用户可以通过 Web 应用程序使用的此变量传递操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A