Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BDCOM Behavior Management and Auditing System operate.mds log_operate_clear os command injection
Vulnerability Description
A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Affected by this vulnerability is the function log_operate_clear of the file /webui/modules/log/operate.mds. The manipulation of the argument start_code leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
BDCOM Behavior Management and Auditing System 操作系统命令注入漏洞
Vulnerability Description
BDCOM Behavior Management and Auditing System是中国BDCOM公司的一个行为管理与审计系统。 BDCOM Behavior Management and Auditing System 20250210及之前版本存在操作系统命令注入漏洞,该漏洞源于参数 start_code 存在系统命令注入。
CVSS Information
N/A
Vulnerability Type
N/A