Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection as root in NextCloudPi web panel
Vulnerability Description
NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with access to NextCloudPi web-panel, no authentication is required. It is recommended that the NextCloudPi is upgraded to 1.53.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Nextcloud NextcloudPi 安全漏洞
Vulnerability Description
Nextcloud NextcloudPi是德国Nextcloud公司的一个库。 NextcloudPi 1.53.0及之前版本存在安全漏洞,该漏洞源于存在命令注入漏洞,允许攻击者作为root用户通过NextCloudPi web面板执行命令。
CVSS Information
N/A
Vulnerability Type
N/A