Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Zend.To NSSDropoff.php exec os command injection
Vulnerability Description
A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the function exec of the file NSSDropoff.php. The manipulation of the argument file_1 leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.10-7 is able to address this issue. It is recommended to upgrade the affected component. This affects a rather old version of the software. The vendor recommends updating to the latest release. Additional countermeasures have been added in 6.15-8.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
ZendTo 安全漏洞
Vulnerability Description
ZendTo是ZendTo公司的一套基于Web的文件传输系统。 ZendTo 6.10-6 Beta及之前版本存在安全漏洞,该漏洞源于文件NSSDropoff.php中参数file_1的错误操作导致os命令注入。
CVSS Information
N/A
Vulnerability Type
N/A