| Titolo | vivotek IB8367A VVTK-0100b command injection |
|---|
| Descrizione | vivotek IB8367A has command injection vulnerability in upload_file.cgi.The program receives the attacker's GET request through the getenv function at line 61, obtains the value of the first field through the code at line 69, and concatenates it into a formatted string using the snprintf function. Finally, the systemfunction is used to execute the system command. Because the attacker's input is not filtered, any command can be executed. |
|---|
| Fonte | ⚠️ https://yjz233.notion.site/vivotek-IB8367A-has-command-injection-vulnerability-in-upload_file-cgi-899e5d529fb14b4189534b2b9830bfff?pvs=4 |
|---|
| Utente | jylsec (UID 60282) |
|---|
| Sottomissione | 31/07/2024 15:35 (2 anni fa) |
|---|
| Moderazione | 02/08/2024 23:36 (2 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 273528 [Vivotek IB8367A VVTK-0100b upload_file.cgi getenv QUERY_STRING escalationi di privilegi] |
|---|
| Punti | 17 |
|---|