Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MyQ X 操作系统命令注入漏洞
Vulnerability Description
MyQ X是myq-solution的一个应用软件。将 过去和活跃的项目整齐地组织 在一个地方, 并将它们的管理集中在一个 界面中。 MyQ X Smart 8.2之前版本存在安全漏洞,攻击者可利用该漏洞通过Task Scheduler组件注入任意OS命令。
CVSS Information
N/A
Vulnerability Type
N/A