Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in RDPngFileUpload.dll
Vulnerability Description
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but can be paired with another vulnerability in the platform (CVE-2023-39420, which grants access to hardcoded credentials) to carry the attack without having assigned credentials.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Internet Reservation Module Booking Engine 代码问题漏洞
Vulnerability Description
Internet Reservation Module Booking Engine是一个预定平台。 Internet Reservation Module Booking Engine存在代码问题漏洞。攻击者利用该漏洞将任意内容(例如 Web shell 组件)上传到 SQL 数据库并使用系统权限执行它。
CVSS Information
N/A
Vulnerability Type
N/A