Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote code execution via specially crafted script settings in SABnzbd
Vulnerability Description
SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users[exposed their setup to the internet or other untrusted networks without setting a username/password. By default SABnzbd is only accessible from `localhost`, with no authentication required for the web interface. This issue has been patched in commits `e3a722` and `422b4f` which have been included in the 4.0.2 release. Users are advised to upgrade. Users unable to upgrade should ensure that a username and password have been set if their instance is web accessible.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
SABnzbd 代码注入漏洞
Vulnerability Description
SABnzbd是SABnzbd开源的一个用 Python 编写的开源二进制新闻阅读器。 SABnzbd 1.1.0至4.0.2RC1版本存在代码注入漏洞,该漏洞源于允许以 SABnzbd 进程的权限执行代码。
CVSS Information
N/A
Vulnerability Type
N/A