Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kardex Control Center Code Injection Vulnerability
Vulnerability Description
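Kardex Control Center is a logistics control and warehouse management system from Kardex. Kardex Control Center version 5.7.12+0-a203c2a213-master contains a security vulnerability that arises because a user-controllable path is passed to a path-concatenation method without proper sanitisation. This makes it possible to include local files as well as remote files on SMB shares. If a file with the extension .t4 is provided, it is invoked with the .NET templating engine mono/t4, which can execute code.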
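An added example, not Kardex's code: a C# guard for the Path.Combine behaviour described in both descriptions above, printing what the unchecked call returns for rooted and UNC input next to the result of canonicalisation plus an extension allow-list. The root directory, the allowed extensions and all sample paths are assumptions constructed for illustration, and Windows path semantics are assumed.

```csharp
using System;
using System.IO;

static class TemplatePathGuard
{
    // Hypothetical content root; the advisory does not name the real directory.
    const string Root = @"C:\app\webroot";
    // Hypothetical allow-list of extensions the web interface should serve.
    static readonly string[] Allowed = { ".html", ".css", ".js" };

    public static bool TryResolve(string requested, out string full)
    {
        full = "";
        if (string.IsNullOrWhiteSpace(requested)) return false;

        // Path.Combine silently drops the first argument when the second is
        // rooted (drive path, leading separator, UNC), so reject rooted input.
        if (Path.IsPathRooted(requested)) return false;

        // Canonicalise to collapse ".." segments, then check containment
        // against the root with a trailing separator.
        string root = Path.GetFullPath(Root).TrimEnd('\\') + "\\";
        string candidate = Path.GetFullPath(Path.Combine(root, requested));
        if (!candidate.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            return false;

        // Extension allow-list: ".t4" is absent, so a request can never pick
        // a file that would be handed to the template engine.
        string ext = Path.GetExtension(candidate).ToLowerInvariant();
        if (Array.IndexOf(Allowed, ext) < 0) return false;

        full = candidate;
        return true;
    }

    static void Main()
    {
        // Constructed inputs, one per case named in the description.
        string[] samples = {
            @"pages\index.html",           // inside the root: accepted
            @"..\..\Windows\win.ini",      // traversal out of the root
            @"C:\Windows\win.ini",         // absolute local path
            @"\\fileserver\share\page.t4", // UNC path on an SMB share
            @"pages\report.t4",            // inside the root, template extension
        };
        foreach (string s in samples)
        {
            string verdict = TryResolve(s, out string p) ? p : "rejected";
            Console.WriteLine($"{s}\n  Path.Combine: {Path.Combine(Root, s)}\n  guard: {verdict}");
        }
    }
}
```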
CVSS Information
N/A
Vulnerability Type
N/A