Vulnerability Information
Vulnerability Title
Authenticated Arbitrary File Write via Database Import and Xray Log Path Manipulation
Vulnerability Description
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code execution and persistent access as the user running Xray (including root when Xray is running as root). This vulnerability is fixed in 3.3.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
External Control of File Name or Path
Vulnerability Title
MHSanaei 3X-UI Input Validation Error Vulnerability
Vulnerability Description
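mhsanaei 3x-ui is an open-source panel management tool by the individual developer mhsanaei. MHSanaei 3X-UI versions prior to 3.3.1 contain an input validation error vulnerability. The vulnerability stems from abuse of the database import functionality: by modifying the Xray configuration values stored in the database, arbitrary file write on the host can be achieved, which may lead to code execution and persistent access.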
CVSS Information
N/A
Vulnerability Type
N/A