Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ChangingTec ServiSign - Command Injection
Vulnerability Description
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
ServiSign 操作系统命令注入漏洞
Vulnerability Description
Changingtec ServiSign是中国台湾全景软件(Changingtec)公司的一个系统。该系统提供了数字签名和验证的跨平台解决方案。 ServiSign存在安全漏洞,该漏洞源于对连接响应参数中的特殊字符过滤不足。攻击者利用该漏洞可以触发命令注入,并执行任意系统命令以执行任意系统操作或中断服务。
CVSS Information
N/A
Vulnerability Type
N/A