Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role
Vulnerability Description
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of parameters when setting up security components. This issue affects MFlash v. 8.0 and possibly others. To mitigate apply 8.2-653 hotfix 11.06.2025 and above.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
MSoft MFlash 安全漏洞
Vulnerability Description
MSoft MFlash是俄罗斯MSoft公司的一款文档交换系统。 MSoft MFlash 8.0版本存在安全漏洞,该漏洞源于安全组件配置时参数验证不足,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A