Nette Plugins Remote Command Execution On Laravel
2023-10-4 03:21:57 Author: cxsecurity.com


Packages nette/application versions prior to 2.2.10, 2.3.14, 2.4.16, 3.0.6 and nette/nette versions prior to 2.0.19 and 2.1.13 are vulnerable to a code injection attack: passing specially formed parameters in the URL may possibly lead to RCE.

Example: https://domain.com/nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1

Impact: Code injection, possible remote code execution.

Patches: Fixed in nette/application 2.2.10, 2.3.14, 2.4.16, 3.0.6 and nette/nette 2.0.19 and 2.1.13.
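A check of a project's composer.lock against the fixed versions listed above, as an added example (not code from the advisory or from Nette). The sample lock contents are constructed, and treating a branch with no listed fix as affected only when it is older than the oldest fix is an assumption.

```python
import json
import re

# Fixed releases per branch, taken from the advisory text above.
FIXED = {
    "nette/application": [(2, 2, 10), (2, 3, 14), (2, 4, 16), (3, 0, 6)],
    "nette/nette": [(2, 0, 19), (2, 1, 13)],
}

def parse_version(text):
    """Turn 'v2.4.15' or '2.4.15' into (2, 4, 15); None if not a plain x.y.z release."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(package, version):
    """True or False when decidable, None when the version needs manual review."""
    fixes = FIXED.get(package)
    if fixes is None:
        return False  # package is not named in the advisory
    parsed = parse_version(version)
    if parsed is None:
        return None  # dev branch or alias such as 'dev-master'
    for fix in fixes:
        if fix[:2] == parsed[:2]:  # same major.minor branch
            return parsed < fix
    # Assumption: a branch with no listed fix is affected only if it
    # predates the oldest fixed release.
    return parsed < min(fixes)

def audit_lock(lock_text):
    """Return (name, version, verdict) for every package that is not clearly safe."""
    data = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in data.get(section) or []:
            verdict = is_affected(pkg.get("name", ""), pkg.get("version", ""))
            if verdict is not False:
                label = "affected" if verdict else "review"
                findings.append((pkg["name"], pkg["version"], label))
    return findings

# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "nette/application", "version": "v2.4.15"},
                 {"name": "laravel/framework", "version": "v10.0.0"}],
    "packages-dev": [{"name": "nette/nette", "version": "dev-master"}],
})

if __name__ == "__main__":
    for finding in audit_lock(SAMPLE_LOCK):
        print(*finding)
```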



 


Source: https://cxsecurity.com/issue/WLB-2023100012