Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kottster app reinitialization can be re-triggered allowing command injection in development mode
Vulnerability Description
Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Kottster 访问控制错误漏洞
Vulnerability Description
Kottster是kottster开源的一个即时Node.js管理面板。安全、自托管且易于设置。 Kottster 3.2.0版本至3.3.2之前版本存在访问控制错误漏洞,该漏洞源于开发模式下存在预认证远程代码执行漏洞。
CVSS Information
N/A
Vulnerability Type
N/A