Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a request to the host or IP specified in the changed host parameter.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Dataprobe iBoot-PDU 代码问题漏洞
Vulnerability Description
Dataprobe iBoot-PDU是美国Dataprobe公司的一种可通过 Web 访问的受管 PDU 独立控制的插座。 Dataprobe iBoot-PDU FW存在代码问题漏洞,该漏洞源于攻击者可以通过精心制作的PHP脚本(使用来自HTTP请求的参数)来创建能够更改主机参数的URL。HTTP中更改的主机参数可以指向另一个主机,该主机将向更改的主机参数中指定的主机或IP发送请求。
CVSS Information
N/A
Vulnerability Type
N/A