N/A

A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary operating system commands, leading to complete server compromise.

N/A

N/A

Smanga 安全漏洞

Smanga是lkw199711个人开发者的一个 docker 直装的漫画流媒体阅读工具。 Smanga 3.2.7版本存在安全漏洞，该漏洞源于/php/path/rescan.php接口对mediaId参数清理不当，可能导致未经验证的攻击者注入操作系统命令，实现远程代码执行和服务器完全破解。

N/A

N/A