Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Socomec MOD3GP-SY-120K Code Injection
Vulnerability Description
The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section (MAIL SERVER) where the information is displayed. Injection can be done on parameter MAIL_RCV. When a legitimate user attempts to review NOTIFICATION/MAIL SERVER, the injected code will be executed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Socomec MODULYS GP 代码注入漏洞
Vulnerability Description
Socomec MODULYS GP是法国溯高美索克曼(Socomec)公司的一个绿色电源设备。 Socomec MODULYS GP 存在代码注入漏洞,该漏洞源于缺少过滤器,可以在合法用户访问时执行被注入的恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A