We found results for “”
WS-2019-0240
Date: September 9, 2019
wxchangba all versions are vulnerable to command injection when not validating user input on the reqPostMaterial function, passing contents of the file parameter to an exec call.
Language: JS
Severity Score
Related Resources (2)
Severity Score
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | LOW |