Key vulnerability information:

- Vulnerability type: Command Injection
- Affected versions: <= 1.3.0
- Fixed version: 1.3.1
- CVE ID: CVE-2023-38692

Description: The module management function in CloudExplorer Lite contains a command injection vulnerability.

Impact: The installation function in module management allows for command injection.

Steps to reproduce:

1. The installation package is downloaded from a specified URL, and the run core function in the shell script is used to complete the installation.
2. In the class, the method calls the method of , passing in , leading to unfiltered input.
3. The function in uses to download the specified URL. If the download URL is not properly filtered, it can be exploited for command injection.
4. Example: This command can cause the backend to execute .
5. Using the parameter passed in , the backend will execute the command.
6. After the request is sent, it proves that the backend host successfully executed the command.

Solution: Upgrade the version to . The vulnerability has been fixed in this version.

References: You can open an issue at the following URL for more detailed questions and comments:

```
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite
```
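An added example, not CloudExplorer Lite's own code, contrasting the pattern the reproduction steps describe (a download URL spliced into a shell command) with a hardened form that validates the URL and passes it as a single argument. The `curl` downloader, the allowlisted host, the sample URLs and all function names are assumptions made for illustration.

```python
import re
import shlex
from urllib.parse import urlsplit

# Assumption: hosts the operator trusts to serve module packages (placeholder).
ALLOWED_HOSTS = {"modules.example.invalid"}
# Conservative character allowlist for the whole URL: no spaces, quotes or
# shell metacharacters, and no '@' userinfo.
SAFE_URL = re.compile(r"[A-Za-z0-9._~:/%-]+")


def vulnerable_command(url: str) -> str:
    """The 'before' pattern: the URL is spliced into a string given to a shell.
    curl stands in for the downloader, which the advisory text does not name."""
    return f"curl -fsS -o /tmp/module.tar.gz {url}"


def shell_control_operators(command: str) -> list[str]:
    """Control operators (runs of ; | & ( ) < >) a POSIX shell would act on.
    Approximation only: it does not model $(...) or backticks."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return [tok for tok in lexer if tok and set(tok) <= set("();<>|&")]


def validate_download_url(url: str) -> str:
    """Reject anything that is not a plain https URL on an allowlisted host."""
    if not SAFE_URL.fullmatch(url):
        raise ValueError("URL contains characters outside the allowlist")
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("URL scheme or host is not allowed")
    return url


def download_argv(url: str, dest: str) -> list[str]:
    """Argument vector for subprocess.run(argv, shell=False): no shell ever
    parses the URL, so it can only reach the downloader as one argument."""
    return ["curl", "--fail", "--silent", "--show-error",
            "--proto", "=https", "--output", dest, validate_download_url(url)]


if __name__ == "__main__":
    # Constructed sample inputs; nothing is downloaded or executed here.
    good = "https://modules.example.invalid/m.tar.gz"
    bad = good + ";echo INJECTED"
    print(shell_control_operators(vulnerable_command(bad)))
    print(download_argv(good, "/tmp/module.tar.gz"))
```

Validation and the argument vector are independent layers: the allowlist rejects unexpected URLs, and avoiding the shell keeps a URL that slips through from being interpreted as a command.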