CNNVD-202601-1820 Information
CNNVD ID
CNNVD-202601-1820
Related CVE
- CNNVD Published: 2026-01-12
Description (Chinese)
TinyWeb Server是Maxim Masiutin个人开发者的一个web服务器。 TinyWeb Server 1.98之前版本存在操作系统命令注入漏洞,该漏洞源于通过CGI ISINDEX样式查询参数传递命令,可能导致OS命令注入攻击。
Description (English)
TinyWeb Server is a web server for Maxim Masiutin personal developers. There was a loophole in the operating system commands in the pre-TinyWeb Server 1.98 version, which originated from the transmission of orders through CGI ISINDEX-style query parameters, which could lead to an OS command injection attack.
Hazard Level
Low
Vulnerability Type
操作系统命令注入
Affected Vendor
个人开发者
Published
2026-01-12
Last Modified
2026-02-24
References
https://github.com/maximmasiutin/TinyWeb/commit/876b7e2887f4ea5be3e18bb2af7313f23a283c96 https://github.com/maximmasiutin/TinyWeb/security/advisories/GHSA-m779-84h5-72q2 https://www.masiutin.net/tinyweb-cve-2025-cgi-command-injection.html
Patch
https://github.com/maximmasiutin/TinyWeb/releases
Share on: