CVE-2018-20969
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-20969
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
GNU patch 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GNU patch是GNU计划的一套用于生成补丁文件的工具。 GNU patch 2.7.6及之前版本中的pch.c文件的‘do_ed_script’函数存在安全漏洞,该漏洞源于程序接收了开头为!字符的字符串。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2018-20969
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-20969
请登录查看更多情报信息。
Patches & Fixes for CVE-2018-20969 (1)
- https://github.com/irsl/gnu-patch-vulnerabilitiesx_refsource_MISC
Vendor Advisories for CVE-2018-20969 (5)
Exploits & Public PoCs for CVE-2018-20969 (1)
Mailing List Discussions for CVE-2018-20969 (1)
Same Patch Batch · n/a · 2019-08-16 · 40 CVEs total
| CVE-2017-18544 | WordPress invite-anyone插件跨站请求伪造漏洞 | |
| CVE-2014-10376 | WordPress i-recommend-this插件SQL注入漏洞 | |
| CVE-2015-9324 | WordPress easy-digital-downloads插件SQL注入漏洞 | |
| CVE-2019-15116 | WordPress easy-digital-downloads插件跨站脚本漏洞 | |
| CVE-2015-9323 | WordPress 404-to-301插件SQL注入漏洞 | |
| CVE-2019-15115 | WordPress peters-login-redirect插件跨站请求伪造漏洞 | |
| CVE-2017-18547 | WordPress nelio-ab-testing插件跨站请求伪造漏洞 | |
| CVE-2018-20974 | WordPress js-jobs插件跨站请求伪造漏洞 | |
| CVE-2017-18546 | WordPress jayj-quicktag插件跨站请求伪造漏洞 | |
| CVE-2017-18545 | WordPress invite-anyone插件输入验证错误漏洞 | |
| CVE-2019-15120 | Kunena extension for Joomla! 跨站脚本漏洞 | |
| CVE-2017-18543 | WordPress invite-anyone插件访问控制错误漏洞 | |
| CVE-2019-15114 | WordPress formcraft-form-builder插件跨站请求伪造漏洞 | |
| CVE-2015-9322 | WordPress erident-custom-login-and-dashboard插件跨站请求伪造漏洞 | |
| CVE-2019-15113 | WordPress companion-sitemap-generator插件跨站请求伪造漏洞 | |
| CVE-2018-20973 | WordPress companion-auto-update插件输入验证错误漏洞 | |
| CVE-2018-20972 | WordPress companion-auto-update插件跨站请求伪造漏洞 | |
| CVE-2018-20971 | WordPress church-admin插件跨站请求伪造漏洞 | |
| CVE-2017-18542 | WordPress zendesk-help-center插件跨站脚本漏洞 | |
| CVE-2017-18541 | WordPress xo-security插件跨站脚本漏洞 |
Showing top 20 of 40 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2018-20969
No comments yet