Описание
An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| znuny | fixed | 6.5.13-1 | package | |
| znuny | no-dsa | bookworm | package |
Примечания
https://www.znuny.org/en/advisories/zsa-2025-03
Связанные уязвимости
An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.
An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.
An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.
Уязвимость веб-системы обработки заявок для служб поддержки клиентов, технической поддержки и управления ИТ-услугами Znuny, связанная с непринятием мер по нейтрализации инструкций в динамически исполняемом коде, позволяющая нарушителю повысить свои привилегии и выполнить произвольные команды