漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API
Vulnerability Description
Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file directives (e.g. $INCLUDE) into the zone file that gets written to disk when the DNS rebuild cron job runs. This issue has been patched in version 2.3.5.
CVSS Information
N/A
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Froxlor 注入漏洞
Vulnerability Description
Froxlor是Froxlor团队的一套轻量级服务器管理软件。 Froxlor 2.3.5之前版本存在注入漏洞,该漏洞源于DomainZones.add API端点未验证DNS记录内容字段,可能导致注入新行和BIND区域文件指令。
CVSS Information
N/A
Vulnerability Type
N/A