| शीर्षक | Aishida Co., Ltd. Aishida Co., Ltd.'s call center system amr2mp3 Command Injection |
|---|
| विवरण | A Remote Code Execution (RCE) vulnerability exists in the interface of Aishida Co., Ltd.'s call center system. Attackers can exploit this vulnerability by crafting malicious request parameters to execute arbitrary shell commands on the target server, thereby gaining full control of the system. The root cause is insufficient input validation, allowing attackers to inject command separators (e.g., ||) to trigger malicious code execution.
Full Server Compromise: Attackers can execute commands like rm -rf / or wget malicious_script, leading to data breaches or system crashes.
Lateral Movement: Compromised servers can be used as pivots to attack internal databases or other systems.
Compliance Risks: Violates Articles 21 and 25 of China’s Cybersecurity Law, exposing the company to legal penalties.
Reputation Damage: Data breaches severely harm brand credibility. |
|---|
| स्रोत | ⚠️ https://github.com/ZOKEYE/CVE/blob/main/CVE_1.md |
|---|
| उपयोगकर्ता | zokeye (UID 82808) |
|---|
| सबमिशन | 14/03/2025 03:33 PM (1 वर्ष पहले) |
|---|
| संयम | 28/03/2025 12:31 PM (14 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 301889 [Aishida Call Center System तक 20250314 amr2mp3 Arquivo अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|