Update GobyVuls-Document.md

Goby 2024-02-29 17:37:52 +08:00 committed by GitHub
parent b9c44b7e0b
commit 76cec1a103
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -1,7 +1,24 @@
# Goby History Update Vulnerability Total Document (Continuously Update) # Goby History Update Vulnerability Total Document (Continuously Update)
The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing. The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.
**Updated document date: February 23, 2024** **Updated document date: February 29, 2024**
## kafka-ui messages remote code execution vulnerability (CVE-2023-52251)
| **Vulnerability** | kafka-ui messages remote code execution vulnerability (CVE-2023-52251) |
| :----: | :-----|
| **Chinese name** | kafka-ui messages 远程代码执行漏洞CVE-2023-52251 |
| **CVSS core** | 8.8 |
| **FOFA Query** (click to view the results directly)| [ app="kafka-ui"](https://en.fofa.info/result?qbase64=Ym9keT0iZm9udHMvUm9ib3RvTW9uby1SZWd1bGFyLnR0ZiIgfHwgYm9keT0iL2ZvbnRzL1JvYm90b01vbm8tTWVkaXVtLnR0ZiIgfHwgYm9keT0iVUkgZm9yIEFwYWNoZSBLYWZrYSI%3D)|
| **Number of assets affected** | 6503 |
| **Description** | The kafka-ui project is developed and maintained by Provectus Company and aims to provide Kafka users with a visual management tool to simplify the management and monitoring tasks of Kafka clusters.kafka-ui has a remote code execution vulnerability in the q parameter of /api/clusters/local/topics/{topic}/messages. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then Control the entire web server. |
| **Impact** | kafka-ui has a remote code execution vulnerability in the q parameter of /api/clusters/local/topics/{topic}/messages. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then Control the entire web server. |
![](https://s3.bmp.ovh/imgs/2024/02/29/fb6a40c3ef8c3953.gif).
## WordPress Bricks render_element Remote Code Execution Vulnerability (CVE-2024-25600) ## WordPress Bricks render_element Remote Code Execution Vulnerability (CVE-2024-25600)
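
Review bot: In the **FOFA Query** row of the new kafka-ui entry, the link text `app="kafka-ui"` does not match the query the link actually runs: the `qbase64` value decodes to a `body=` fingerprint (RobotoMono font paths or "UI for Apache Kafka"). Show the real query as the link text so that the "6503" asset count can be reproduced, and add the date on which that count was taken. The **Impact** row repeats the second half of the **Description** row word for word; keep the product background and the affected `q` parameter in Description and leave only the consequence in Impact. The entry gives no affected version range and no fixed version or mitigation, which a reader needs to decide whether a deployment is exposed. The path `/api/clusters/local/topics/{topic}/messages` uses a fixed cluster name `local` next to a `{topic}` placeholder; if the cluster segment varies per deployment, write it as a placeholder too. Smaller points: "CVSS core" should read "CVSS score", "clusters.kafka-ui" is missing a space after the period, "then Control" should be lower case, the Chinese name has no separator before "CVE-2023-52251", and the image line ends with a stray ".".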