Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

...

PT-2019-4652 · Ruby +8 · Ruby +8

Name of the Vulnerable Software and Affected Versions: Ruby versions 2.4.7 and earlier, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 Description: The issue allows code injection if the first argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an...

Shenzhen College of Information Technology V3. 0 injection vulnerability-vulnerability warning-the black bar safety net

Publishing author: xiaokis Affected version: V3. 0 Vulnerability type: SQL injection Vulnerability description: File: the newss. asp % on error resume next sql="update news set hits=hits+1 where id="&cstrrequest"id" conn. execute sql set rs=server. createobject"adodb. recordset" sql="select from...

opcms content management system Oday-vulnerability warning-the black bar safety net

漏洞 文件 cp.php file exists code execution vulnerability. http://127.0.0.1/cp.php?opc=phpinfo Background get the shell methods on the site information provided there, click on the email modified! Insert the following code ‘?& gt;/...