Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
CyberPower PowerPanel Business Edition 操作系统命令注入漏洞
Vulnerability Description
Cyber Power Systems CyberPower PowerPanel Business Edition是美国Cyber Power Systems公司的一套电源管理软件。该软件可自动关闭物理和虚拟基础架构、并监控和管理CyberPower UPS系统和网络连接的PDU(电源分配单元)。 CyberPower PowerPanel Enterprise 存在安全漏洞,该漏洞源于添加远程备份位置时,用户名未经清理就传递到作为 NT/Authority 系统运行的 CMD,攻击者利用该漏洞
CVSS Information
N/A
Vulnerability Type
N/A