admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/kafka-ui_messages_remote_code_execution_vulnerability_(CVE-2023-52251).md

14 lines
1.5 KiB
Markdown
Raw Normal View History

Create kafka-ui_messages_remote_code_execution_vulnerability_(CVE-2023-52251).md
2024-02-29 17:38:49 +08:00
## kafka-ui messages remote code execution vulnerability (CVE-2023-52251)
| **Vulnerability** | kafka-ui messages remote code execution vulnerability (CVE-2023-52251) |
| :----: | :-----|
| **Chinese name** | kafka-ui messages 远程代码执行漏洞CVE-2023-52251 |
| **CVSS core** | 8.8 |
| **FOFA Query** (click to view the results directly)| [ app="kafka-ui"](https://en.fofa.info/result?qbase64=Ym9keT0iZm9udHMvUm9ib3RvTW9uby1SZWd1bGFyLnR0ZiIgfHwgYm9keT0iL2ZvbnRzL1JvYm90b01vbm8tTWVkaXVtLnR0ZiIgfHwgYm9keT0iVUkgZm9yIEFwYWNoZSBLYWZrYSI%3D)|
| **Number of assets affected** | 6503 |
| **Description** | The kafka-ui project is developed and maintained by Provectus Company and aims to provide Kafka users with a visual management tool to simplify the management and monitoring tasks of Kafka clusters.kafka-ui has a remote code execution vulnerability in the q parameter of /api/clusters/local/topics/{topic}/messages. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then Control the entire web server. |
| **Impact** | kafka-ui has a remote code execution vulnerability in the q parameter of /api/clusters/local/topics/{topic}/messages. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then Control the entire web server. |
![](https://s3.bmp.ovh/imgs/2024/02/29/fb6a40c3ef8c3953.gif).
Reference in New Issue Copy Permalink