Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftp_file parameter and executes it using os.system() without sanitization or escaping.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FTP-Flask-python 安全漏洞
Vulnerability Description
FTP-Flask-python是Ajay Pandurang Paratmandali个人开发者的一个Python库。 FTP-Flask-python 5173b68及之前版本存在安全漏洞,该漏洞源于ftp_file参数未清理和转义,可能导致远程命令执行。
CVSS Information
N/A
Vulnerability Type
N/A