| शीर्षक | Shanghai Baud DATA Communicatior Co., Ltd. Internet Behavior Management and Auditing System log_operate_clear Command Injection |
|---|
| विवरण | The Internet Behavior Management and Auditing System of Shanghai Baud DATA Communicatior Co., Ltd. contains a high-risk command execution vulnerability. Attackers can exploit this flaw by crafting a malicious start_code parameter and leveraging the system's insufficient input validation. This allows arbitrary system commands to be executed in the log_operate_clear module located in the /webui/modules/log/operate.mds file, potentially allowing full control of the server. This vulnerability can be triggered without authentication and directly impacts the security of core business data and continuity.
Complete Server Control: Attackers can execute arbitrary commands (e.g., file reading/writing, process control) and fully take over the server.
Sensitive Data Disclosure: Command injection can be used to steal critical data such as user behavior logs, network configurations, database credentials, etc.
Service Disruption Risk: Malicious commands may cause system crashes or disable auditing features, affecting business continuity.
Internal Network Lateral Movement: Compromised servers can serve as a jumping-off point to attack other internal systems, expanding the attack surface.
Legal and Compliance Risks: This vulnerability violates the Cybersecurity Law and industry data protection regulations, potentially leading to regulatory penalties and reputation damage. |
|---|
| स्रोत | ⚠️ https://github.com/koishi0x01/CVE/blob/main/CVE_2.md |
|---|
| उपयोगकर्ता | KOISH1 (UID 81283) |
|---|
| सबमिशन | 10/02/2025 04:11 PM (1 वर्ष पहले) |
|---|
| संयम | 21/02/2025 10:58 AM (11 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 296491 [BDCOM Behavior Management and Auditing System तक 20250210 operate.mds log_operate_clear start_code अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|