This vulnerability affects unknown code of the file /php/ping.php. The associated identifier of this vulnerability is VDB-248259.

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). The exploit has been disclosed to the public and may be used. It is possible to initiate the attack remotely. The manipulation of the argument command with the input whoami leads to OS command injection. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system.

A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The identifier of this vulnerability is VDB-248940. The attack needs to be approached locally. The manipulation of the argument SetDownloadspeedMax leads to OS command injection. Affected is an unknown function of the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py of the component Service. VDB-249086 is the identifier assigned to this vulnerability.

A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. The manipulation of the argument processId leads to OS command injection. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2.