Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OP5 Monitor <= 7.1.9 Authenticated Command Execution via command_test.php
Vulnerability Description
An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web application user. The vulnerability resides in the configuration section of the application and requires valid login credentials with access to the command testing functionality. This issue is fixed in version 7.2.0.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
ITRS Group OP5 Monitor 安全漏洞
Vulnerability Description
ITRS Group OP5 Monitor是英国ITRS Group公司的一个用于服务器,基于开源项目 Naemon 的网络监视和管理的软件产品。 ITRS Group OP5 Monitor 7.1.9及之前版本存在安全漏洞,该漏洞源于cmd_str参数输入验证不当,可能导致命令注入。
CVSS Information
N/A
Vulnerability Type
N/A