Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp_name parameter when dropping off a file via a POST /dropoff request.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
ZendTo 安全漏洞
Vulnerability Description
ZendTo是ZendTo公司的一套基于Web的文件传输系统。 ZendTo 5.24-3版本至6.10-7之前版本存在安全漏洞,该漏洞源于tmp_name参数中存在shell元字符,可能导致未经验证的远程攻击者执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A