Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Deserialization of Untrusted Data
Vulnerability Description
This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
SinGooCMS.Utility 代码问题漏洞
Vulnerability Description
SinGooCMS.Utility是中国SinGooCMS个人开发者的一个工具集合。包括配置、文件、日期、数据、序列化、反射、图像处理、网络、缓存、Web 相关、加解密、压缩、类扩展等工具。 SinGooCMS.Utility 存在安全漏洞,该漏洞源于 socket 客户端传输对BinaryFormatter没有适当的限制或类型绑定。该漏洞影响以下产品:SinGooCMS.Utility 所有版本。
CVSS Information
N/A
Vulnerability Type
N/A