Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. NOTE: this CVE Record is only about the parameters, such as the h parameter (this CVE Record is not about the separate issue of signed executable files that are supposed to have unique configurations across customers' installations).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ConnectWise Control 注入漏洞
Vulnerability Description
ConnectWise Control是美国ConnectWise公司的一个自托管远程桌面软件应用程序。 ConnectWise Control 22.9.10032之前版本存在注入漏洞,该漏洞源于无法验证用户提供的参数。
CVSS Information
N/A
Vulnerability Type
N/A