Vulnerability in the Spreadsheet::ParseExcel Perl module used to compromise Barracuda ESG

A vulnerability (CVE-2023-7101) has been identified in the Perl module Spreadsheet::ParseExcel, which provides functions for parsing Excel files. It allows code execution when processing XLS or XLSX files that contain specially crafted number format rules. The problem is caused by using data taken from the file being processed when building an "eval" call. The problem is fixed in the Spreadsheet::ParseExcel 0.66 update. A prototype exploit is available.

Vulnerable code:

    if ( $format_str =~ /^\[([<>=][^\]]+)\](.*)$/ ) {
        $conditional = $1;
        $format_str = $2;
    }
    ...
    $section = eval "$number $conditional" ? 0 : 1;

An example of an exploit that runs the whoami command:

    1;system('whoami > /tmp/inject.txt')]123"/>
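One way to evaluate the bracketed condition without a string eval, shown as an added example (not code from Spreadsheet::ParseExcel or from its 0.66 fix). The helper name check_conditional, the accepted operator set and the sample format strings are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: compare a cell value against a number-format condition
# without passing file-controlled text to eval.
use strict;
use warnings;
use Scalar::Util qw(looks_like_number);

# Assumed operator set for a format condition, as plain closures.
my %COMPARE = (
    '<'  => sub { $_[0] <  $_[1] },
    '<=' => sub { $_[0] <= $_[1] },
    '>'  => sub { $_[0] >  $_[1] },
    '>=' => sub { $_[0] >= $_[1] },
    '='  => sub { $_[0] == $_[1] },
    '<>' => sub { $_[0] != $_[1] },
);

# $number is the cell value, $conditional the text captured from inside
# the brackets. Returns 1 or 0 for a well-formed condition and undef for
# anything that is not exactly "operator + numeric literal".
sub check_conditional {
    my ( $number, $conditional ) = @_;
    return unless defined $conditional && looks_like_number($number);
    my ( $op, $operand ) = $conditional =~
        /\A(<=|>=|<>|<|>|=)\s*([+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?)\z/
        or return;
    return $COMPARE{$op}->( $number, $operand ) ? 1 : 0;
}

# Constructed sample format strings; the last one carries trailing code
# after the number, the shape the vulnerable eval would have executed.
for my $format_str ( '[>100]0.00', '[<=5]0', "[>1;print 'injected']0" ) {
    # Same capture as the vulnerable code uses for $conditional.
    my ($conditional) = $format_str =~ /^\[([<>=][^\]]+)\]/;
    my $result = check_conditional( 3, $conditional );
    # A caller would pick the section as: $result ? 0 : 1, treating
    # undef (rejected) as "condition not met".
    printf "%-26s => %s\n", $format_str,
        defined $result ? $result : 'rejected';
}
```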

The problem was discovered by Barracuda Networks while investigating an attack that placed malware on Barracuda ESG (Email Security Gateway) devices. The cause of the device compromise was a 0-day vulnerability (CVE-2023-7102) in the Spreadsheet::ParseExcel module, which Barracuda ESG uses to parse email attachments in Excel format. To run code on systems using Barracuda ESG, it was enough to send an email with a specially crafted attachment.

Source: opennet.ru
