漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be executed, allowing the attacker to exfiltrate internal system data from the CSV file to a remote server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Snipe-IT 安全漏洞
Vulnerability Description
Snipe-IT是snipe个人开发者的一套开源IT资产/许可证管理系统。 Snipe-IT v.7.0.13版本存在安全漏洞。攻击者利用该漏洞可以提升权限。
CVSS Information
N/A
Vulnerability Type
N/A