Vulnerability Information
Vulnerability Title
OS Command Execution through Arbitrary File Upload
Vulnerability Description
If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root. The PHP code executes once the uploaded file is accessed. This allows the execution of arbitrary PHP code and OS commands on the device as "www-data".
CVSS Information
N/A
Vulnerability Type
Unrestricted Upload of File with Dangerous Type
Vulnerability Title
Image Access Scan2Net Security Vulnerability
Vulnerability Description
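Image Access Scan2Net is scanning software from the German company Image Access. Image Access Scan2Net versions 7.40 and earlier, 7.42 and earlier, and versions before 7.42B contain a security vulnerability. The vulnerability stems from the fact that an attacker with access to a valid Poweruser session can execute code remotely, allowing arbitrary PHP code and OS commands to run on the device as www-data.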
CVSS Information
N/A
Vulnerability Type
N/A