Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Code Injection Vulnerability in AiDex
Vulnerability Description
In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system (Unix) commands, interacting with internal services such as PHP or MySQL, and even invoking native functions of the framework used, such as Laravel or Symfony. This execution is achieved by Prompt Injection attacks through the /api/<string-chat>/message endpoint, manipulating the content of the ‘content’ parameter.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Aidex 代码注入漏洞
Vulnerability Description
AiDex是AiDex公司的一个人工智能聊天机器人。 Aidex 1.7之前版本存在代码注入漏洞,该漏洞源于/api/<string-chat>/message端点中content参数处理不当,可能导致命令执行攻击。
CVSS Information
N/A
Vulnerability Type
N/A