admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 18:27:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update GobyVuls-Document.md

Browse Source
This commit is contained in:
Goby 2024-10-29 15:12:46 +08:00 committed by GitHub
parent 3139a30f58
commit a070ffa1c4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
GobyVuls-Document.md
View File

@ -3,6 +3,20 @@ The following content is an updated vulnerability from Goby. Some of the vulnera
**Updated document date: October 11, 2024**
## CyberPanel /dataBases/upgrademysqlstatus Command Execution Vulnerability
| **Vulnerability** | GCyberPanel /dataBases/upgrademysqlstatus Command Execution Vulnerability|
| :----: | :-----|
| **Chinese name** | CyberPanel /dataBases/upgrademysqlstatus 命令执行漏洞 |
| **CVSS core** | 9.80 |
| **FOFA Query** (click to view the results directly)| [app="GCyberPanel"]
| **Number of assets affected** | 199,633 |
| **Description** |CyberPanel is an open source web control panel that provides a user-friendly interface for managing websites,emails, databases, FTP accounts, etc. |
| **Impact** | CyberPanel is designed to simplify website management tasks, allowing non-technical users to easily manage their online resources. The /dataBases/upgrademysqlstatus interface has a command execution vulnerability. Unauthorized attackers can execute arbitrary commands through this interface to obtain server permissions, resulting in serious consequences such as data leakage and server takeover.
| **Affected versions** |2.3.6
![](https://s3.bmp.ovh/imgs/2024/10/29/055e7294b806f1cc.gif)
## GiveWP WordPress Plugin /admin-ajax.php Command Execution Vulnerability (CVE-2024-8353)
| **Vulnerability** | GiveWP WordPress Plugin /admin-ajax.php Command Execution Vulnerability (CVE-2024-8353)|
| :----: | :-----|