Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
tobesoft Nexacro arbitrary file download vulnerability
Vulnerability Description
Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation logic to download and execute arbitrary malicious file.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
Tobesoft Nexacro数据伪造问题漏洞
Vulnerability Description
Tobesoft Nexacro是韩国Tobesoft公司的一套基于统一框架的OSMU(单来源多用途)应用程序开发解决方案。 Nexacro 17 17.1.3.700 版本之前存在安全漏洞,该漏洞源于 automatic update 功能不验证除版本信息外的输入数据。远程攻击者可以使用这种不完整的验证逻辑来下载和执行任意恶意文件。
CVSS Information
N/A
Vulnerability Type
N/A