Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote file overwrite on discord-recon can result in DoS and Remote Code Execution
Vulnerability Description
Discord-Recon is a bot for the Discord chat service. Versions of Discord-Recon 0.0.3 and prior contain a vulnerability in which a remote attacker is able to overwrite any file on the system with the command results. This can result in remote code execution when the user overwrite important files on the system. As a workaround, bot maintainers can edit their `setting.py` file then add `<` and `>` into the `RCE` variable inside of it to fix the issue without an update. The vulnerability is patched in version 0.0.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Mohamed Dief Discord-Recon 操作系统命令注入漏洞
Vulnerability Description
Mohamed Dief Discord-Recon是Mohamed Dief开源的一个应用程序。用于从Discord中执行侦察过程b。 Mohamed Dief Discord-Recon 0.0.3版本及之前版本存在操作系统命令注入漏洞,远程攻击者可利用该漏洞能够用命令结果覆盖系统上的任何文件。
CVSS Information
N/A
Vulnerability Type
N/A