admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-06 18:52:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/CVE-2023-33246.md

13 lines
1.4 KiB
Markdown
Raw Normal View History

Create CVE-2023-33246.md CVE-2023-33246
2023-06-16 21:28:17 +08:00
## RocketMQ Broker rocketmqHome Config Remote Command Execution Vulnerability (CVE-2023-33246)
| **Vulnerability** | **RocketMQ Broker rocketmqHome Config Remote Command Execution Vulnerability (CVE-2023-33246)** |
| :----: | :-----|
| **Chinese name** | RocketMQ Broker rocketmqHome Config 远程命令执行漏洞CVE-2023-33246 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [protocol="rocketmq-broker"](https://en.fofa.info/result?qbase64=cHJvdG9jb2w9InJvY2tldG1xLWJyb2tlciI%3D) |
| **Number of assets affected** | 10087 |
| **Description** | Apache RocketMQ is a lightweight data processing platform and messaging engine developed by the Apache Software Foundation in the United States. There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function. |
| **Impact** | There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function. |
![](https://github.com/gobysec/GobyVuls/blob/master/CVE-2023-33246.gif)
Reference in New Issue Copy Permalink