Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
unzip-bot Allows Remote Code Execution (RCE) via archive extraction, password prompt, or video upload
Vulnerability Description
unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This vulnerability is fixed in 7.0.3a.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
unzip-bot 操作系统命令注入漏洞
Vulnerability Description
unzip-bot是EDM115的一个用于提取各种类型档案的 Telegram 机器人。 unzip-bot 7.0.3a之前版本存在操作系统命令注入漏洞,该漏洞源于输入清理不当,允许用户通过构造的压缩文件名、密码或视频名称注入恶意命令。
CVSS Information
N/A
Vulnerability Type
N/A