2 matches found
Remote Code Execution (RCE)
aliyundrivewebdav is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient input validation and sanitization of the sid parameter of the actionqueryqrcode component, which allows attackers to execute arbitrary code...
GHSA-73V2-RXQP-7Q4F aliyundrive-webdav vulnerable to Command Injection
An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the actionqueryqrcode component...