Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-xr87-5r29-58hr

Опубликовано: 21 июн. 2022
Источник: github
Github: Не прошло ревью
CVSS3: 9.8

Описание

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.

Ссылки

EPSS

Процентиль: 89%
0.04828
Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2022-31794

Дефекты

CWE-78

Связанные уязвимости

nvd логотип

CVE-2022-31794

CVSS3: 9.8
nvd
больше 3 лет назад

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.

fstec логотип

BDU:2022-04610

CVSS3: 9.8
fstec
почти 4 года назад

Уязвимость функции requestTempFile (hw_view.php) веб-интерфейса единой платформы консолидации для резервного копирования и архивирования FUJITSU ETERNUS CS8000, позволяющая нарушителю выполнять произвольные команды

EPSS

Процентиль: 89%
0.04828
Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2022-31794

Дефекты

CWE-78