Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
aEnrich Technology a+HRD - Argument Injection
Vulnerability Description
aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
参数注入或修改
Vulnerability Title
aEnrich a+HRD 参数注入漏洞
Vulnerability Description
aEnrich a+HRD是中国育碁(aEnrich)公司的一个全方位人力资源开发化解决方案。 aEnrich a+HRD 6.8版本,7.0版本,7.1版本,7.2版本存在参数注入漏洞,该漏洞源于youtube-dl.exe的文件下载功能没有正确限制用户输入,导致攻击者可以将任意参数传递给youtube-dl.exe从而下载系统文件。
CVSS Information
N/A
Vulnerability Type
N/A