admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-06 10:41:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/CVE-2023-32315.md

13 lines
2.3 KiB
Markdown
Raw Normal View History

Create CVE-2023-32315.md add CVE-2023-32315
2023-06-16 21:27:51 +08:00
## Ignite Realtime Openfire Permission Bypass Vulnerability (CVE-2023-32315)
| **Vulnerability** | **Ignite Realtime Openfire Permission Bypass Vulnerability (CVE-2023-32315)** |
| :----: | :-----|
| **Chinese name** | Ignite Realtime Openfire 权限绕过漏洞CVE-2023-32315 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [(body="background: transparent url(images/login_logo.gif) no-repeat" && body="Openfire") \|\| (body="class=\"row justify-content-center\"" && body="\<title>Openfire 管理界面\</title>") \|\| title="Openfire Admin Console" \|\| title="Openfire HTTP Binding Service" \|\| (body="align=\"right\" id=\"jive-loginVersion" && body="Openfire") \|\| title="Открытый огонь Консоль Администрации" \|\| title=="Openfire 管理界面"](https://en.fofa.info/result?qbase64=KGJvZHk9ImJhY2tncm91bmQ6IHRyYW5zcGFyZW50IHVybChpbWFnZXMvbG9naW5fbG9nby5naWYpIG5vLXJlcGVhdCIgJiYgYm9keT0iT3BlbmZpcmUiKSB8fCAoYm9keT0iY2xhc3M9XCJyb3cganVzdGlmeS1jb250ZW50LWNlbnRlclwiIiAmJiBib2R5PSI8dGl0bGU%2BT3BlbmZpcmUg566h55CG55WM6Z2iPC90aXRsZT4iKSB8fCB0aXRsZT0iT3BlbmZpcmUgQWRtaW4gQ29uc29sZSIgfHwgdGl0bGU9Ik9wZW5maXJlIEhUVFAgQmluZGluZyBTZXJ2aWNlIiB8fCAoYm9keT0iYWxpZ249XCJyaWdodFwiIGlkPVwiaml2ZS1sb2dpblZlcnNpb24iICYmIGJvZHk9Ik9wZW5maXJlIikgfHwgdGl0bGU9ItCe0YLQutGA0YvRgtGL0Lkg0L7Qs9C%2B0L3RjCDQmtC%2B0L3RgdC%2B0LvRjCDQkNC00LzQuNC90LjRgdGC0YDQsNGG0LjQuCIgfHwgdGl0bGU9PSJPcGVuZmlyZSDnrqHnkIbnlYzpnaIi) |
| **Number of assets affected** | 49936 |
| **Description** | Apache RocketMQ is a lightweight data processing platform and messaging engine developed by the Apache Software Foundation in the United States. There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function. |
| **Impact** | There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function. |
![](https://s3.bmp.ovh/imgs/2023/06/16/ab6c2f05e446d56a.gif)
Reference in New Issue Copy Permalink