Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote command by sending parameters to WinExec function in ExtCommandApi.dll module of MiPlatform.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Tobesoft MiPlatform 操作系统命令注入漏洞
Vulnerability Description
Tobesoft MiPlatform是韩国Tobesoft公司的一款用户图形界面开发工具。 基于Windows平台的Tobesoft MiPlatform 2019.05.16之前版本中的ExtCommandApi.dll文件存在操作系统命令注入漏洞。攻击者可通过向‘WinExec’函数发送参数利用该漏洞执行命令。
CVSS Information
N/A
Vulnerability Type
N/A