CNNVD-202508-377 Information

CNNVD ID

CNNVD-202508-377

Related CVE

CVE-2012-10033

• CNNVD Published: 2025-08-05

Description (Chinese)

narcissus是The Angstrom Distribution开源的一个在线图像组装器。 Narcissus存在安全漏洞，该漏洞源于未清理release参数，可能导致远程命令执行。

Description (English)

Narcissus is an online image assembler of the Angstrom Distribution open source. Narcissus had a security loophole, which stemmed from the failure to clear release parameters and could lead to remote command execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

The Angstrom Distribution

Published

2025-08-05

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/22856 https://www.exploit-db.com/exploits/22709 https://www.vulncheck.com/advisories/narcissus-image-config-command-injection https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/narcissus_backend_exec.rb https://narcissus.angstrom-distribution.org/ https://web.archive.org/web/20101127002623/ https://access.redhat.com/security/cve/cve-2012-10033