3 matches found
CVE-2026-12219
A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...
CVE-2024-48944 Apache Kylin: SSRF vulnerability in the diagnosis api
Server-Side Request Forgery SSRF vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1 The attacker has got admin access to a kylin...
CVE-2024-48944 Apache Kylin: SSRF vulnerability in the diagnosis api
Server-Side Request Forgery SSRF vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1 The attacker has got admin access to a kylin...