Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZTE GoldenDB Database product has a DDE injection vulnerability
Vulnerability Description
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
ZTE GoldenDB 安全漏洞
Vulnerability Description
ZTE GoldenDB是中国中兴通讯(ZTE)公司的一款金融级交易型分布式数据库。用于金融、政企、电信等行业,提供高可用数据服务。 ZTE GoldenDB存在安全漏洞,该漏洞源于容易受到DDE注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A