Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
tobesoft Nexacro platform arbitrary file creation vulnerability
Vulnerability Description
An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Tobesoft Nexacro 输入验证错误漏洞
Vulnerability Description
Tobesoft Nexacro是韩国Tobesoft公司的一套基于统一框架的OSMU(单来源多用途)应用程序开发解决方案。 Nexacro 17 存在安全漏洞,该漏洞源于在Nexacro平台的复制方法中,发现了错误的输入验证导致的任意文件创建。远程攻击者可利用该漏洞利用复制方法在文件创建后执行任意命令,其中包含恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A