漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
IPCop <= 2.1.9 Authenticated RCE
Vulnerability Description
IPCop versions up to and including 2.1.9 contain an authenticated remote code execution vulnerability within the web-based administration interface. The email configuration component inserts user-controlled values, including the EMAIL_PW parameter, directly into system-level operations without proper input sanitation. By modifying the email password field to include shell metacharacters and issuing a save-and-test-mail action, an authenticated attacker can execute arbitrary operating system commands with the privileges of the web interface, resulting in full system compromise.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
IPCop 安全漏洞
Vulnerability Description
IPCop是IPCop开源的一个防火墙软件。 IPCop 2.1.9及之前版本存在安全漏洞,该漏洞源于电子邮件配置组件未正确清理用户输入,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A