Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin
Vulnerability Description
Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
GreenShot 安全漏洞
Vulnerability Description
GreenShot是GreenShot公司的一款适用于 Windows 的轻量级屏幕截图软件工具。 GreenShot 1.3.310及之前版本存在安全漏洞,该漏洞源于文件名处理不当,可能导致OS命令注入。
CVSS Information
N/A
Vulnerability Type
N/A