Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
pulverizr 注入漏洞
Vulnerability Description
pulverizr是一款图片压缩器。 pulverizr 0.7.0及之前版本存在安全漏洞,该漏洞源于没有对‘filename’参数进行任何清理,函数便直接使用了该参数。攻击者可利用该漏洞执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A