Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection Vulnerability in hestiacp/hestiacp
Vulnerability Description
Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
hestiacp 注入漏洞
Vulnerability Description
hestiacp是一个适用于现代网络的轻量级且功能强大的控制面板。 GitHub repository hestiacp/hestiacp 1.5.12之前版本存在安全漏洞,该漏洞源于Sed注入漏洞。经过身份验证的低权限远程攻击者利用该漏洞在root环境下执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A