Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
nophp vulnerable to shell command injection on httpd user when sending a password-setting mail or mail-login mail
Vulnerability Description
nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function such as `env_patchsample230330.php` to env.php.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
nophp 命令注入漏洞
Vulnerability Description
nophp是paijp个人开发者的一个基于php的轻量级简单Web框架。 nophp 0.0.1之前版本存在命令注入漏洞,该漏洞源于容易受到httpd用户的shell命令注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A