漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenProject is Vulnerable to Code Execution in E-Mail function
Vulnerability Description
OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. This issue has been patched in version 16.6.2.
CVSS Information
N/A
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
OpenProject 命令注入漏洞
Vulnerability Description
OpenProject是OpenProject开源的一个基于Web的项目管理软件。 OpenProject 16.6.1及之前版本存在命令注入漏洞,该漏洞源于注册管理员可通过配置sendmail二进制路径并发送测试电子邮件来执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A