Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Eve-NG Professional 和 Eve-NG Community 操作系统命令注入漏洞
Vulnerability Description
Eve-NG Professional是一款无客户端多供应商网络仿真软件。 Eve-NG Professional 4.0.1-65版本及之前版本、Eve-NG Community 2.0.3-112版本及之前版本存在安全漏洞,该漏洞源于配置解析器中的操作系统存在命令注入漏洞。远程身份验证的攻击者利用该漏洞通过编辑导入的UNL文件的虚拟化命令参数以root身份执行命令。
CVSS Information
N/A
Vulnerability Type
N/A