Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution Vulnerability in MEGABOT
Vulnerability Description
MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()`. The vulnerability allows an attacker to inject Python code into the `expression` parameter when using `/math` in any Discord channel. This vulnerability impacts any discord guild utilizing MEGABOT. This vulnerability was fixed in release version 1.5.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
MEGABOT Discord Bot 安全漏洞
Vulnerability Description
MEGABOT Discord Bot是Nic Jones个人开发者的一个完全定制的 Discord 机器人。用于学习和娱乐。 MEGABOT Discord Bot 1.5.0之前版本存在安全漏洞,该漏洞源于存在远程代码执行问题,允许攻击者在任何频道中注入Python代码。
CVSS Information
N/A
Vulnerability Type
N/A