Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ELOG configuration file authorization bypass
Vulnerability Description
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow shell commands or self-registration.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Vulnerability Type
授权机制缺失
Vulnerability Title
ELog 安全漏洞
Vulnerability Description
ELog是Stefan Ritt个人开发者的一款有Web界面的电子日志软件。 ELog存在安全漏洞,该漏洞源于认证用户可修改或覆盖配置文件,可能导致拒绝服务。如果启用执行功能,攻击者可在主机上执行OS命令。
CVSS Information
N/A
Vulnerability Type
N/A