Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Gestionale Open Srl Gestionale Open 安全漏洞
Vulnerability Description
Gestionale Open Srl Gestionale Open(Go)是意大利Gestionale Open Srl 公司的一个开源的中小企业的免费 Erp 管理软件。 Gestionale Open存在安全漏洞,该漏洞源于低权限帐户能够重命名位于bin文件夹中的mysqld.exe文件,并将其替换为恶意文件,该恶意文件将连接回攻击计算机,并由于服务运行为本地系统而给予系统级特权(nt权限系统)。当低特权用户无法通过应用程序重新启动服务时,计算机的重新启动会触发恶意文件的执行。应用程序还存在未引用
CVSS Information
N/A
Vulnerability Type
N/A