Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IRIS IrisNext 命令注入漏洞
Vulnerability Description
IRIS IrisNext是卢森堡IRIS公司的一个文件管理解决方案,旨在管理、保护和使用您公司的信息。 IRISNext 9.8.28 版本及之前版本 BeanShell 组件存在安全漏洞,该漏洞源于 BeanShell 组件允许通过创建文档的自定义搜索(或编辑现有/预定义搜索)在目标服务器上执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A