CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'

链接： https://github.com/advisories/GHSA-4gh4-j9hh-74h5

CVSS 评分： 10.0

参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-50121
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-189-01.pdf
https://github.com/advisories/GHSA-4gh4-j9hh-74h5

描述：

CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created
over the web interface HTTP when enabled. HTTP is disabled by default.

安全公告

#Github Advisory

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'

http://example.com/2025/07/11/github_3193556714/

作者

lianccc

发布于

2025年7月11日

许可协议

offsectraining Twitter Update ! 上一篇

Windows Update Service 权限提升漏洞下一篇