Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HotCRP vulnerable to remote code execution through formulas
Vulnerability Description
HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
HotCRP Conference Review Software 输入验证错误漏洞
Vulnerability Description
HotCRP Conference Review Software是Eddie Kohler个人开发者的一个软件。用于管理评审过程,尤其是学术会议。 HotCRP Conference Review Software 3.2之前版本存在输入验证错误漏洞,该漏洞源于HotCRP公式的代码生成清理不足,可能导致执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A