Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Schneider Electric Andover Continuum 代码注入漏洞
Vulnerability Description
Schneider Electric Andover Continuum是法国施耐德电气(Schneider Electric)公司的一套楼宇自动化解决方案。该产品包括供热通风与空气调节和访问控制等功能。 Schneider Electric Andover Continuum(所有版本)中存在代码注入漏洞。攻击者可通过干扰应用程序对XML数据的处理利用该漏洞在系统上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A