Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated OS Command Injection in NesterSoft WorkTime
Vulnerability Description
An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on the WorkTime server as NT Authority\SYSTEM with the highest privileges. Attackers are able to access or manipulate sensitive data and take over the whole server.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
NesterSoft WorkTime 安全漏洞
Vulnerability Description
NesterSoft WorkTime是加拿大NesterSoft公司的一个项目跟踪软件。 NesterSoft WorkTime存在安全漏洞,该漏洞源于服务器API端点guid参数存在OS命令注入,可能导致执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A