Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Copeland XWEB and XWEB Pro OS Command Injection
Vulnerability Description
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Copeland多款产品 操作系统命令注入漏洞
Vulnerability Description
Copeland XWEB 300D PRO等都是美国Copeland公司的一款先进的商用与工业制冷监控管理系统。 Copeland多款产品存在操作系统命令注入漏洞,该漏洞源于向parameters路由的map上传操作中map filename字段注入恶意输入,可能导致远程代码执行。以下产品受到影响:Copeland XWEB 300D PRO,Copeland XWEB 500D PRO,Copeland XWEB 500B PRO。
CVSS Information
N/A
Vulnerability Type
N/A