# Goby History Update Vulnerability Total Document (Continuously Updated)

The following vulnerabilities were added in Goby updates. Some of them have screen recordings for easy viewing.

**Updated document date: August 6, 2024**

## Apache OFBiz /ProgramExport Command Execution Vulnerability (CVE-2024-38856)

| **Vulnerability** | Apache OFBiz /ProgramExport Command Execution Vulnerability (CVE-2024-38856) |
| :----: | :-----|
| **Chinese name** | Apache OFbiz /ProgramExport 命令执行漏洞(CVE-2024-38856) |
| **CVSS score** | 9.30 |
| **FOFA Query** (click to view the results directly) | [app="Apache_OFBiz"](https://fofa.info/result?qbase64=YXBwPSJBcGFjaGVfT0ZCaXoi) |
| **Number of assets affected** | 2,728 |
| **Description** | Apache OFBiz is an e-commerce platform used to build enterprise-level, multi-layer, distributed e-commerce application systems that are cross-platform, cross-database, and cross-application-server. |
| **Impact** | Apache OFBiz has a logic flaw in how it handles view rendering. An attacker can execute arbitrary code by constructing a special URL that overrides the final rendered view. |
| **Affected versions** | Apache OFBiz <= 18.12.14 |

## ServiceNowUI /login.do Input Validation Vulnerability (CVE-2024-4879)

| **Vulnerability** | ServiceNowUI /login.do Input Validation Vulnerability (CVE-2024-4879) |
| :----: | :-----|
| **Chinese name** | ServiceNowUI /login.do Jelly模板注入漏洞(CVE-2024-4879) |
| **CVSS score** | 9.3 |
| **FOFA Query** (click to view the results directly) | [Product=="servicenow-Products"](https://fofa.info/result?qbase64=UHJvZHVjdD09InNlcnZpY2Vub3ctUHJvZHVjdHMi) |
| **Number of assets affected** | 128,848 |
| **Description** | ServiceNow is a business transformation platform. Through the various modules on the platform, ServiceNow can be used for a variety of purposes, from HR and employee management to automating workflows or serving as a knowledge base. |
| **Impact** | ServiceNow's Jelly templates and Glide expressions have an injection vulnerability due to lax input validation. An unauthenticated attacker can exploit it by crafting malicious requests to remotely execute code in ServiceNow. Affected versions: < Utah Patch 10 Hot Fix 3; < Utah Patch 10a Hot Fix 2; < Vancouver Patch 6 Hot Fix 2; < Vancouver Patch 7 Hot Fix 3b; < Vancouver Patch 8 Hot Fix 4; < Vancouver Patch 9; < Vancouver Patch 10; < Washington DC Patch 1 Hot Fix 2b; < Washington DC Patch 2 Hot Fix 2; < Washington DC Patch 3 Hot Fix 1; < Washington DC Patch 4 |

![](https://s3.bmp.ovh/imgs/2024/07/17/7bd255e257963a8a.gif)

## Splunk Enterprise for Windows /en-US/modules/messaging File Reading Vulnerability (CVE-2024-36991)

| **Vulnerability** | Splunk Enterprise for Windows /en-US/modules/messaging File Reading Vulnerability (CVE-2024-36991) |
| :----: | :-----|
| **Chinese name** | Splunk Enterprise for Windows /en-US/modules/messaging 文件读取漏洞(CVE-2024-36991) |
| **CVSS score** | 7.5 |
| **FOFA Query** (click to view the results directly) | [app="splunk-Enterprise"](https://fofa.info/result?qbase64=Ym9keT0iX19zcGx1bmtkX3BhcnRpYWxzX18iICB8fCAoaGVhZGVyPSJTZXQtQ29va2llOiBzcGx1bmt3ZWJfdWlkPSIgJiYgYm9keT0iZW50ZXJwcmlzZSIp) |
| **Number of assets affected** | 218643 |
| **Description** | Splunk Enterprise is a data analysis and search tool used for real-time collection, monitoring, and analysis of big data generated by machines, such as log files, clickstreams, and sensor data. It enables users to correlate and analyze data across multiple sources and formats, providing insights into operational efficiency, security, and customer behavior. |
| **Impact** | In the Windows version of Splunk Enterprise, the Python os.path.join function is used to construct paths. When processing paths, this function removes the drive letter from the path marker if the drive letter in the path matches that in the constructed path. This allows attackers to access or modify files on the system by constructing specific requests. Affected versions: from 9.2.0 to 9.2.1 (excluding 9.2.2); from 9.1.0 to 9.1.4 (excluding 9.1.5); from 9.0.0 to 9.0.9 (excluding 9.0.10) |

![](https://s3.bmp.ovh/imgs/2024/07/10/cd9b5cdf1172c646.gif)

## GeoServer /geoserver/wfs Code Execution Vulnerability (CVE-2024-36401)

| **Vulnerability** | GeoServer /geoserver/wfs Code Execution Vulnerability (CVE-2024-36401) |
| :----: | :-----|
| **Chinese name** | GeoServer /geoserver/wfs 远程代码执行漏洞(CVE-2024-36401) |
| **CVSS score** | 9.8 |
| **FOFA Query** (click to view the results directly) | [app="GeoServer"](https://fofa.info/result?qbase64=Ym9keT0iL29yZy5nZW9zZXJ2ZXIud2ViLkdlb1NlcnZlckJhc2VQYWdlLyIgfHwgYm9keT0iY2xhc3M9XCJnZW9zZXJ2ZXIgbGViZWciIHx8IGJvZHk9Ii93ZWJhcHBzL2dlb3NlcnZlciIgfHwgKGJvZHk9IndpbmRvdy5sb2NhdGlvbi5yZXBsYWNlKFwid2ViL1wiKTsiICYmIGJvZHk9Imdlb3NlcnZlciIpIHx8IHRpdGxlPSJHZW9TZXJ2ZXIi) |
| **Number of assets affected** | 7962 |
| **Description** | GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. |
| **Impact** | The attacker can inject malicious parameters through a specific query string to execute arbitrary code and take over the server. |

![](https://s3.bmp.ovh/imgs/2024/07/03/6095c50407de1221.gif)

## XAMPP PHP-CGI Windows Code Execution Vulnerability

| **Vulnerability** | XAMPP PHP-CGI Windows Code Execution Vulnerability |
| :----: | :-----|
| **Chinese name** | XAMPP Windows PHP-CGI 代码执行漏洞 |
| **CVSS score** | 9.8 |
| **FOFA Query** (click to view the results directly) | [app="php-CGI"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJYYW1wcHNfaW5mbyIgfHwgYmFubmVyPSJYYW1wcHNfaW5mbyIgfHwgYm9keT0iL3hhbXBwcy5qcGciIHx8IChoZWFkZXI9ImxvY2F0aW9uIGh0dHAiICYmIGhlYWRlcj0ieGFtcHAiKSB8fCBib2R5PSJjb250ZW50PVwiS2FpIE9zd2FsZCBTZWlkbGVyIiB8fCB0aXRsZT0iWEFNUFAgZm9yIiB8fCB0aXRsZT0iWEFNUFAgVmVyc2lvbiIgfHwgYm9keT0iZm9udC1zaXplOiAxLjJlbTsgY29sb3I6IHJlZDtcIj5OZXcgWEFNUFAiIHx8IGhlYWRlcj0ieGFtcHAgdXNlciIgfHwgdGl0bGU9IldlbGNvbWUgdG8gWEFNUFAiIHx8IGJvZHk9ImNvbnRlbnQ9XCJYQU1QUCAiIHx8IChoZWFkZXI9IlNlcnZlcjogQXBhY2hlIiAmJiBoZWFkZXI9IldpbjY0IiAmJiBoZWFkZXI9IlBIUC8iKQ%3D%3D) |
| **Number of assets affected** | 7631 |
| **Description** | PHP is a scripting language executed on the server side. There was a command execution vulnerability before version 8.3.8 of PHP. Due to the "Best-Fit Mapping" feature of Windows, non-ASCII characters may be incorrectly mapped to a dash (-) when processing query strings, resulting in command line parameter parsing errors. When php_cgi runs on the Windows platform and the code page is Traditional Chinese, Simplified Chinese or Japanese, the attacker can inject malicious parameters through a specific query string to execute arbitrary code. |
| **Impact** | The attacker can inject malicious parameters through a specific query string to execute arbitrary code and take over the server. |

![](https://s3.bmp.ovh/imgs/2024/06/12/f9b2da5202c78411.gif)

## CheckPoint Gateway /clients/MyCRL File Reading Vulnerability (CVE-2024-24919)

| **Vulnerability** | CheckPoint Gateway /clients/MyCRL File Reading Vulnerability (CVE-2024-24919) |
| :----: | :-----|
| **Chinese name** | CheckPoint Gateway /clients/MyCRL 文件读取漏洞(CVE-2024-24919) |
| **CVSS score** | 7.5 |
| **FOFA Query** (click to view the results directly) | [app="Check_Point-SSL-Extender"](https://en.fofa.info/result?qbase64=Ym9keT0iL25leHVzLSIgJiYgYm9keT0iUmVwb3NpdG9yeSI%3D) |
| **Number of assets affected** | 77631 |
| **Description** | CheckPoint Gateway is a network security device developed by CheckPoint Software Technology Company, which is mainly used to protect network infrastructure from various network threats. There is a file reading vulnerability under the CheckPoint Gateway /clients/MyCRL path. The attacker can construct a malicious request to traverse files on the system, causing sensitive information leakage. |
| **Impact** | There is a file reading vulnerability under the CheckPoint Gateway /clients/MyCRL path. The attacker can construct a malicious request to traverse files on the system, causing sensitive information leakage. |

![](https://s3.bmp.ovh/imgs/2024/05/30/3d61c449449138c0.gif)

## Sonatype Nexus Repository Manager File Read Vulnerability (CVE-2024-4956)

| **Vulnerability** | Sonatype Nexus Repository Manager File Read Vulnerability (CVE-2024-4956) |
| :----: | :-----|
| **Chinese name** | Sonatype Nexus Repository Manager 文件读取漏洞(CVE-2024-4956) |
| **CVSS score** | 7.5 |
| **FOFA Query** (click to view the results directly) | [app="Sonatype-Nexus"](https://en.fofa.info/result?qbase64=Ym9keT0iL25leHVzLSIgJiYgYm9keT0iUmVwb3NpdG9yeSI%3D) |
| **Number of assets affected** | 93784 |
| **Description** | Nexus Repository Manager, commonly referred to as Nexus, is a product by Sonatype. It is currently the most popular repository management software globally, offering a powerful repository manager that greatly simplifies the maintenance of internal repositories and access to external repositories. In versions 3.0.0 to 3.68.0 of Sonatype Nexus Repository, there exists a path traversal vulnerability. An unauthenticated attacker can exploit this vulnerability by constructing malicious URLs containing sequences like "../../../../" to download arbitrary files from the target system, including files outside the scope of the Nexus Repository application. Successfully exploiting this vulnerability may lead to the disclosure of sensitive information such as application source code, configurations, and critical system files. |
| **Impact** | In versions 3.0.0 to 3.68.0 of Sonatype Nexus Repository, there exists a path traversal vulnerability. An unauthenticated attacker can exploit this vulnerability by constructing malicious URLs containing sequences like "../../../../" to download arbitrary files from the target system, including files outside the scope of the Nexus Repository application. Successfully exploiting this vulnerability may lead to the disclosure of sensitive information such as application source code, configurations, and critical system files. |

![](https://s3.bmp.ovh/imgs/2024/05/23/8b5ae355137fa582.gif)

## Mura CMS /index.cfm/_api/json/v1/default SQL Injection Vulnerability (CVE-2024-32640)

| **Vulnerability** | Mura CMS /index.cfm/_api/json/v1/default SQL Injection Vulnerability (CVE-2024-32640) |
| :----: | :-----|
| **Chinese name** | Masa/Mura CMS /index.cfm/_api/json/v1/default/ SQL 注入漏洞(CVE-2024-32640) |
| **CVSS score** | 8.6 |
| **FOFA Query** (click to view the results directly) | [app="Mura-CMS"](https://en.fofa.info/result?qbase64=Ym9keT0iTXVyYSBDTVMiIHx8IGhlYWRlcj0iTXVyYSBDTVMiIHx8IGJhbm5lcj0iTXVyYSBDTVMi) |
| **Number of assets affected** | 9849 |
| **Description** | Masa CMS is a digital experience platform, created by blueriver as Mura CMS, forked by We Are North. Masa CMS was designed to build ambitious web, multi-channel, business-to-business and business-to-employee applications, and create Flow in the digital experience for Content Managers, Content Contributors, Marketers and Developers. The Mura CMS /index.cfm/_api/json/v1/default/ endpoint has an SQL injection vulnerability. Attackers can exploit this vulnerability to execute SQL commands and retrieve database data. |
| **Impact** | The Mura CMS /index.cfm/_api/json/v1/default/ endpoint has an SQL injection vulnerability. Attackers can exploit this vulnerability to execute SQL commands and retrieve database data. |

![](https://s3.bmp.ovh/imgs/2024/05/15/e3c7cf8ea979ae28.gif)

## CrushFTP /WebInterface/function File Read Vulnerability

| **Vulnerability** | CrushFTP /WebInterface/function File Read Vulnerability |
| :----: | :-----|
| **Chinese name** | CrushFTP /WebInterface/function 文件读取漏洞 |
| **CVSS score** | 7.7 |
| **FOFA Query** (click to view the results directly) | [app="crushftp"](https://en.fofa.info/result?qbase64=c2VydmVyPSJDcnVzaEZUUCIgfHwgaGVhZGVyPSIvV2ViSW50ZXJmYWNlL2xvZ2luLmh0bWwiIHx8IGJhbm5lcj0iL1dlYkludGVyZmFjZS9sb2dpbi5odG1sIiB8fCBoZWFkZXI9Ii9XZWJJbnRlcmZhY2UvdzNjL3AzcC54bWwiIHx8IGJhbm5lcj0iL1dlYkludGVyZmFjZS93M2MvcDNwLnhtbCIgfHwgdGl0bGU9IkNydXNoRlRQIg%3D%3D) |
| **Number of assets affected** | 36803 |
| **Description** | CrushFTP is a cross-platform FTP server software that supports FTP, FTPS, SFTP, HTTP, HTTPS and other protocols. There were server-side template injection vulnerabilities before CrushFTP version 10.7.1 and version 11.1.0, which may allow unauthenticated threat actors to read files from the file system outside the virtual file system (VFS) sandbox, bypass authentication to obtain administrative access, and remotely execute code on the server. |
| **Impact** | There were server-side template injection vulnerabilities before CrushFTP version 10.7.1 and before version 11.1.0, which may allow unauthenticated threat actors to read files from the file system outside the virtual file system (VFS) sandbox, bypass authentication to obtain administrative access, and remotely execute code on the server. |

![](https://s3.bmp.ovh/imgs/2024/04/26/2b696d3bc719d502.gif)

## Adobe ColdFusion /CFIDE/adminapi/_servermanager/servermanager.cfc File Read Vulnerability (CVE-2024-20767)

| **Vulnerability** | Adobe ColdFusion /CFIDE/adminapi/_servermanager/servermanager.cfc File Read Vulnerability (CVE-2024-20767) |
| :----: | :-----|
| **Chinese name** | Adobe ColdFusion /CFIDE/adminapi/_servermanager/servermanager.cfc 文件读取漏洞 (CVE-2024-20767) |
| **CVSS score** | 8.2 |
| **FOFA Query** (click to view the results directly) | [app="Adobe-ColdFusion"](https://en.fofa.info/result?qbase64=Ym9keT0iL2NmYWpheC8iIHx8IGhlYWRlcj0iQ0ZUT0tFTiIgfHwgYmFubmVyPSJDRlRPS0VOIiB8fCBib2R5PSJDb2xkRnVzaW9uLkFqYXgiIHx8IGJvZHk9IjxjZnNjcmlwdD4iIHx8IHNlcnZlcj0iQ29sZEZ1c2lvbiIgfHwgdGl0bGU9IkNvbGRGdXNpb24iIHx8IChib2R5PSJjcm9zc2RvbWFpbi54bWwiICYmIGJvZHk9IkNGSURFIikgfHwgKGJvZHk9IiMwMDA4MDgiICYmIGJvZHk9IiNlN2U3ZTciKQ%3D%3D) |
| **Number of assets affected** | 504562 |
| **Description** | Adobe ColdFusion is a commercial application server developed by Adobe for web application development. The vulnerability allows an attacker to read important system files (e.g., database configuration files, system configuration files), leaving the website in an extremely insecure state. |
| **Impact** | The vulnerability allows an attacker to read important system files (e.g., database configuration files, system configuration files), leaving the website in an extremely insecure state. |

![](https://s3.bmp.ovh/imgs/2024/03/28/d8f5c5bf74cb4017.gif)

## JetBrains TeamCity permission bypass vulnerability (CVE-2024-27198 & CVE-2024-27199)

| **Vulnerability** | JetBrains TeamCity permission bypass vulnerability (CVE-2024-27198 & CVE-2024-27199) |
| :----: | :-----|
| **Chinese name** | JetBrains TeamCity 权限绕过漏洞(CVE-2024-27198 & CVE-2024-27199) |
| **CVSS score** | 9.8 |
| **FOFA Query** (click to view the results directly) | [app="JET_BRAINS-TeamCity"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJUZWFtY2l0eSIgfHwgYmFubmVyPSJUZWFtY2l0eSIgfHwgdGl0bGU9IlRlYW1DaXR5IiB8fCBib2R5PSJjb250ZW50PVwiVGVhbUNpdHkgKExvZyBpbiB0byBUZWFtQ2l0eSI%3D) |
| **Number of assets affected** | 141734 |
| **Description** | JetBrains TeamCity is a continuous integration and continuous delivery (CI/CD) server developed by JetBrains. It provides a powerful platform for automating the building, testing and deployment of software projects. TeamCity aims to simplify team collaboration and software delivery processes, and to improve development team efficiency and product quality. JetBrains TeamCity has an authentication bypass vulnerability before version 2023.11.4. An attacker can use this vulnerability to bypass the authentication mechanism and directly perform administrator operations. Combined with the back-end functions, the attacker can use this vulnerability to execute arbitrary system commands on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
| **Impact** | JetBrains TeamCity has an authentication bypass vulnerability before version 2023.11.4. An attacker can use this vulnerability to bypass the authentication mechanism and directly perform administrator operations. Combined with the back-end functions, the attacker can use this vulnerability to execute arbitrary system commands on the server side, write backdoors, obtain server permissions, and then control the entire web server. |

![](https://s3.bmp.ovh/imgs/2024/03/21/247110c62504abd3.gif)

## Apache Kafka Connect remote code execution vulnerability (CVE-2023-25194)

| **Vulnerability** | Apache Kafka Connect remote code execution vulnerability (CVE-2023-25194) |
| :----: | :-----|
| **Chinese name** | Apache Druid Kafka Connect 远程代码执行漏洞(CVE-2023-25194) |
| **CVSS score** | 8.8 |
| **FOFA Query** (click to view the results directly) | [app="APACHE-Druid"](https://en.fofa.info/result?qbase64=Ym9keT0iQXBhY2hlIERydWlkIGNvbnNvbGUiIHx8IHRpdGxlPSJBcGFjaGUgRHJ1aWQiIHx8IGhlYWRlcj0idW5pZmllZC1jb25zb2xlLmh0bWwiIHx8IGJhbm5lcj0idW5pZmllZC1jb25zb2xlLmh0bWwi) |
| **Number of assets affected** | 2935 |
| **Description** | Apache Druid is an open source distributed data storage and analysis system. It is designed to handle large-scale real-time data and provide fast interactive query and analysis. Apache Druid uses the vulnerable Kafka Connect. An attacker can access the Kafka Connect Worker and create or modify the connector by setting the sasl.jaas.config attribute to a malicious class, which can lead to a JNDI injection vulnerability. This vulnerability can be used to execute arbitrary code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
| **Impact** | Apache Druid uses the vulnerable Kafka Connect. An attacker can access the Kafka Connect Worker and create or modify the connector by setting the sasl.jaas.config attribute to a malicious class, which can lead to a JNDI injection vulnerability. This vulnerability can be used to execute arbitrary code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |

![](https://s3.bmp.ovh/imgs/2024/03/15/7a1efed457cb487c.gif)

## ComfyUI follow_symlinks File Read Vulnerability (CVE-2024-23334)

| **Vulnerability** | ComfyUI follow_symlinks File Read Vulnerability (CVE-2024-23334) |
| :----: | :-----|
| **Chinese name** | ComfyUI follow_symlinks 文件读取漏洞(CVE-2024-23334) |
| **CVSS score** | 7.5 |
| **FOFA Query** (click to view the results directly) | [app="ComfyUI"](https://en.fofa.info/result?qbase64=dGl0bGU9IkNvbWZ5VUki) |
| **Number of assets affected** | 1564 |
| **Description** | ComfyUI is a powerful, modular stable diffusion GUI, API, and backend. It provides a graphical/node interface for designing and managing stable diffusion pipelines. ComfyUI uses a low version of aiohttp as a web server and configures static routes with the follow_symlinks option enabled, leading to an arbitrary file read vulnerability. The vulnerability allows an attacker to read leaked source code, database configuration files, etc., resulting in a highly insecure web site. |
| **Impact** | ComfyUI uses a lower version of the aiohttp component as the web server and configures static routing with the follow_symlinks option enabled, resulting in an arbitrary file reading vulnerability. Attackers can use this vulnerability to read leaked source code, database configuration files, etc., causing the website to be in an extremely unsafe state. |

![](https://s3.bmp.ovh/imgs/2024/03/01/2b4bae4fd8ab1926.gif)

## WordPress Bricks render_element Remote Code Execution Vulnerability (CVE-2024-25600)

| **Vulnerability** | WordPress Bricks render_element Remote Code Execution Vulnerability (CVE-2024-25600) |
| :----: | :-----|
| **Chinese name** | WordPress Bricks render_element 远程代码执行漏洞(CVE-2024-25600) |
| **CVSS score** | 9.8 |
| **FOFA Query** (click to view the results directly) | [app="wordpress-bricks"](https://en.fofa.info/result?qbase64=Ym9keT0iL3dwLWNvbnRlbnQvdGhlbWVzL2JyaWNrcyI%3D) |
| **Number of assets affected** | 25433 |
| **Description** | WordPress Bricks is an innovative, community driven, and visual WordPress website builder that allows you to design unique, high-performance, and scalable websites. WordPress Bricks has a remote code execution vulnerability, which allows attackers to execute arbitrary code on the server side, write backdoors, gain server privileges, and then control the entire web server. |
| **Impact** | WordPress Bricks has a remote code execution vulnerability, which allows attackers to execute arbitrary code on the server side, write backdoors, gain server privileges, and then control the entire web server. |

![](https://s3.bmp.ovh/imgs/2024/02/23/70784f1d16f8316e.gif)

## Weblogic ForeignOpaqueReference remote code execution vulnerability (CVE-2024-20931)

| **Vulnerability** | Weblogic ForeignOpaqueReference remote code execution vulnerability (CVE-2024-20931) |
| :----: | :-----|
| **Chinese name** | Weblogic ForeignOpaqueReference 远程代码执行漏洞(CVE-2024-20931) |
| **CVSS score** | 9.8 |
| **FOFA Query** (click to view the results directly) | [app="Weblogic_interface_7001"](https://en.fofa.info/result?qbase64=KGJvZHk9IldlbGNvbWUgdG8gV2ViTG9naWMgU2VydmVyIil8fCh0aXRsZT09IkVycm9yIDQwNC0tTm90IEZvdW5kIikgfHwgKCgoYm9keT0iPGgxPkJFQSBXZWJMb2dpYyBTZXJ2ZXIiIHx8IHNlcnZlcj0iV2VibG9naWMiIHx8IGJvZHk9ImNvbnRlbnQ9XCJXZWJMb2dpYyBTZXJ2ZXIiIHx8IGJvZHk9IjxoMT5XZWxjb21lIHRvIFdlYmxvZ2ljIEFwcGxpY2F0aW9uIiB8fCBib2R5PSI8aDE%2BQkVBIFdlYkxvZ2ljIFNlcnZlciIpICYmIGhlYWRlciE9ImNvdWNoZGIiICYmIGhlYWRlciE9ImJvYSIgJiYgaGVhZGVyIT0iUm91dGVyT1MiICYmIGhlYWRlciE9IlgtR2VuZXJhdG9yOiBEcnVwYWwiKSB8fCAoYmFubmVyPSJXZWJsb2dpYyIgJiYgYmFubmVyIT0iY291Y2hkYiIgJiYgYmFubmVyIT0iZHJ1cGFsIiAmJiBiYW5uZXIhPSIgQXBhY2hlLFRvbWNhdCxKYm9zcyIgJiYgYmFubmVyIT0iUmVlQ2FtIElQIENhbWVyYSIgJiYgYmFubmVyIT0iPGgyPkJsb2cgQ29tbWVudHM8L2gyPiIpKSB8fCAocG9ydD0iNzAwMSIgJiYgcHJvdG9jb2w9PSJ3ZWJsb2dpYyIp) |
| **Number of assets affected** | 194125 |
| **Description** | WebLogic Server is one of the application server components suitable for both cloud and traditional environments. WebLogic has a remote code execution vulnerability that allows an unauthenticated attacker to access and destroy a vulnerable WebLogic Server through the IIOP protocol network. Successful exploitation of the vulnerability can cause WebLogic Server to be taken over by an attacker, resulting in remote code execution. |
| **Impact** | There is a remote code execution vulnerability in WebLogic, which allows an unauthenticated attacker to access and damage the vulnerable WebLogic Server through the IIOP protocol network. Successful exploitation of the vulnerability can lead to WebLogic Server being taken over by the attacker, resulting in remote code execution. |

![](https://s3.bmp.ovh/imgs/2024/02/23/70784f1d16f8316e.gif)

## Ivanti Connect Secure and Policy Secure saml20.ws server-side request forgery vulnerability (CVE-2024-21893)

| **Vulnerability** | Ivanti Connect Secure and Policy Secure saml20.ws server-side request forgery vulnerability (CVE-2024-21893) |
| :----: | :-----|
| **Chinese name** | Ivanti Connect Secure 和 Policy Secure saml20.ws 服务端请求伪造漏洞(CVE-2024-21893) |
| **CVSS score** | 8.2 |
| **FOFA Query** (click to view the results directly) | [app="PulseSecure-SSL-VPN"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJEU0Jyb3dzZXJJRCIgfHwgYmFubmVyPSJEU0Jyb3dzZXJJRCIgfHwgYm9keT0iL2RhbmEtbmEvO2V4cGlyZXM9IiB8fCBib2R5PSJkYW5hLWNhY2hlZC9pbWdzL3NwYWNlLmdpZiIgfHwgYm9keT0iL2RhbmEtbmEvaW1ncy9zcGFjZS5naWYiIHx8IGJvZHk9Ii9kYW5hLW5hL2ltZ3MvUHJvZHVjdF9mYXZpY29uLnBuZyIgfHwgYm9keT0iL2RhbmEtbmEvaW1ncy9JdmFudGlfZmF2aWNvbi5wbmciIHx8IGJvZHk9Ii9kYW5hLW5hL2Nzcy9kcy5qcyIgfHwgYm9keT0iZHNfbW9iaWxlX3NhZmFyaS5jc3MiIHx8IGJvZHk9IndlbGNvbWUuY2dpP3A9bG9nbyZzaWduaW5JZD11cmxfZGVmYXVsdCIgfHwgYm9keT0iPGI%2BUHVsc2UgQ29ubmVjdCBTZWN1cmU8L2I%2BIiB8fCB0aXRsZT0iU2VjdXJlIEFjY2VzcyBTU0wgVlBOIiB8fCBiYW5uZXI9Ii9kYW5hLW5hL2F1dGgvdXJsX2RlZmF1bHQiIHx8IGhlYWRlcj0iL2RhbmEtbmEvYXV0aC91cmxfZGVmYXVsdCIgfHwgYm9keT0ic3JjPVwiL2RhbmEtbmEvYXV0aC8i) |
| **Number of assets affected** | 399547 |
| **Description** | Ivanti Connect/Policy Secure is a secure remote network connection tool from the American company Ivanti. The Ivanti Connect Secure product's saml20.ws has a server-side request forgery vulnerability. An attacker can use this vulnerability to read important system files (such as database configuration files and system configuration files), causing the website to be in an extremely unsafe state. |
| **Impact** | The Ivanti Connect Secure product's saml20.ws has a server-side request forgery vulnerability. An attacker can use this vulnerability to read important system files (such as database configuration files and system configuration files), causing the website to be in an extremely unsafe state. |

![](https://s3.bmp.ovh/imgs/2024/02/06/b02b7373188c6998.gif)

## Jenkins args4j file read vulnerability (CVE-2024-23897)

| **Vulnerability** | Jenkins args4j file read vulnerability (CVE-2024-23897) |
| :----: | :-----|
| **Chinese name** | Jenkins args4j 文件读取漏洞(CVE-2024-23897) |
| **CVSS score** | 9.8 |
| **FOFA Query** (click to view the results directly) | [app="Jenkins"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJYLUplbmtpbnMiIHx8IGJhbm5lcj0iWC1KZW5raW5zIiB8fCBoZWFkZXI9IlgtSHVkc29uIiB8fCBiYW5uZXI9IlgtSHVkc29uIiB8fCBoZWFkZXI9IlgtUmVxdWlyZWQtUGVybWlzc2lvbjogaHVkc29uLm1vZGVsLkh1ZHNvbi5SZWFkIiB8fCBiYW5uZXI9IlgtUmVxdWlyZWQtUGVybWlzc2lvbjogaHVkc29uLm1vZGVsLkh1ZHNvbi5SZWFkIiB8fCBib2R5PSJKZW5raW5zLUFnZW50LVByb3RvY29scyI%3D) |
| **Number of assets affected** | 729753 |
| **Description** | CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by American CloudBees Company. It is mainly used to monitor continuous software version release/test projects and some regularly executed tasks. Attackers can use this vulnerability to read important system files (such as database configuration files and system configuration files), causing the website to be in an extremely unsafe state. |
| **Impact** | Attackers can use this vulnerability to read important system files (such as database configuration files and system configuration files), causing the website to be in an extremely unsafe state. |

![](https://s3.bmp.ovh/imgs/2024/01/26/bb74a2a4f3c0cdbc.gif)

## GoAnywhere MFT InitialAccountSetup.xhtml Bypass Vulnerability (CVE-2024-0204)

| **Vulnerability** | GoAnywhere MFT InitialAccountSetup.xhtml Bypass Vulnerability (CVE-2024-0204) |
| :----: | :-----|
| **Chinese name** | GoAnywhere MFT InitialAccountSetup.xhtml 绕过漏洞(CVE-2024-0204) |
| **CVSS score** | 9.8 |
| **FOFA Query** (click to view the results directly) | [app="GoAnywhere-MFT"](https://en.fofa.info/result?qbase64=dGl0bGU9IkdvQW55d2hlcmUiIHx8IGhlYWRlcj0iL2dvYW55d2hlcmUiIHx8IGJhbm5lcj0iL2dvYW55d2hlcmUi) |
| **Number of assets affected** | 4468 |
| **Description** | GoAnywhere MFT (Managed File Transfer) is an enterprise-class file transfer solution provided by HelpSystems, designed to meet the needs of organizations for secure, manageable and automated file transfer. GoAnywhere MFT before Fortra version 7.4.1 has an authentication bypass vulnerability. It allows unauthorized users to pose as administrators through the management portal, create arbitrary management users, and take over the entire system. |
| **Impact** | GoAnywhere MFT before Fortra version 7.4.1 has an authentication bypass vulnerability. It allows unauthorized users to pose as administrators through the management portal, create arbitrary management users, and take over the entire system. |

![](https://s3.bmp.ovh/imgs/2024/01/24/fed22927c8fb9a5f.gif)

## Atlassian Confluence template/aui/text-inline.vm code execution vulnerability (CVE-2023-22527) | **Vulnerability** | Atlassian Confluence template/aui/text-inline.vm code execution vulnerability (CVE-2023-22527) | | :----: | :-----| | **Chinese name** | Atlassian Confluence template/aui/text-inline.vm 代码执行漏洞(CVE-2023-22527) | | **CVSS core** | 10 | | **FOFA Query** (click to view the results directly)| [ app="ATLASSIAN-Confluence"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJYLUNvbmZsdWVuY2UtIiB8fCBiYW5uZXI9IlgtQ29uZmx1ZW5jZS0iIHx8IChib2R5PSJuYW1lPVwiY29uZmx1ZW5jZS1iYXNlLXVybFwiIiAmJiBib2R5PSJpZD1cImNvbS1hdGxhc3NpYW4tY29uZmx1ZW5jZSIpIHx8IHRpdGxlPSJBdGxhc3NpYW4gQ29uZmx1ZW5jZSIgfHwgKHRpdGxlPT0iRXJyb3JzIiAmJiBib2R5PSJDb25mbHVlbmNlIik%3D)| | **Number of assets affected** | 1190821 | | **Description** | Atlassian Confluence is an enterprise team collaboration and knowledge management software developed by Atlassian that provides a centralized platform for creating, organizing and sharing your team's documents, knowledge base, project plans and collaborative content.Atlassian Confluence has a remote code execution vulnerability in template/aui/text-inline.vm that could allow an unauthorized attacker to execute arbitrary code on an affected version. | | **Impact** | Atlassian Confluence has a remote code execution vulnerability in template/aui/text-inline.vm that could allow an unauthorized attacker to execute arbitrary code on an affected version. 
| ![](https://s3.bmp.ovh/imgs/2024/01/23/1888fed69ab36f7a.gif) ## Ivanti Connect Secure and Policy Secure keys-status remote command execution vulnerability (CVE-2023-46805/CVE-2024-21887) | **Vulnerability** | Ivanti Connect Secure and Policy Secure keys-status remote command execution vulnerability (CVE-2023-46805/CVE-2024-21887) | | :----: | :-----| | **Chinese name** | Ivanti Connect Secure 和 Policy Secure keys-status 远程命令执行漏洞(CVE-2023-46805/CVE-2024-21887) | | **CVSS core** | 9.1 | | **FOFA Query** (click to view the results directly)| [app="Ivanti Connect Secure"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJEU0Jyb3dzZXJJRCIgfHwgYmFubmVyPSJEU0Jyb3dzZXJJRCIgfHwgYm9keT0iL2RhbmEtbmEvO2V4cGlyZXM9IiB8fCBib2R5PSJkYW5hLWNhY2hlZC9pbWdzL3NwYWNlLmdpZiIgfHwgYm9keT0iL2RhbmEtbmEvaW1ncy9zcGFjZS5naWYiIHx8IGJvZHk9Ii9kYW5hLW5hL2ltZ3MvUHJvZHVjdF9mYXZpY29uLnBuZyIgfHwgYm9keT0iL2RhbmEtbmEvaW1ncy9JdmFudGlfZmF2aWNvbi5wbmciIHx8IGJvZHk9Ii9kYW5hLW5hL2Nzcy9kcy5qcyIgfHwgYm9keT0iZHNfbW9iaWxlX3NhZmFyaS5jc3MiIHx8IGJvZHk9IndlbGNvbWUuY2dpP3A9bG9nbyZzaWduaW5JZD11cmxfZGVmYXVsdCI%3D)| | **Number of assets affected** | 154590 | | **Description** | Ivanti is a software and information technology services company focused on providing solutions for IT management, security, service management and endpoint management. Ivanti Connect Secure and Ivanti Policy Secure are part of two security solutions from Ivanti for network security and connectivity management.There is a command injection vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x). The authentication bypass vulnerability and the command injection vulnerability can be used to send specially crafted requests and Execute arbitrary commands on the device. 
| | **Impact** | which utilizes authentication to bypass the vulnerability and in combination with command injection vulnerabilities, can send customized requests and execute arbitrary commands on the device, gain server privileges, and thus control the entire web server. | ![](https://s3.bmp.ovh/imgs/2023/10/10/ec147824884d3597.gif). ## Apache OFBiz webtools/control/ProgramExport remote code execution vulnerability (CVE-2023-51467) | **Vulnerability** | **Apache OFBiz webtools/control/ProgramExport remote code execution vulnerability (CVE-2023-51467)** | | :----: | :-----| | **Chinese name** | Apache OFBiz webtools/control/ProgramExport 远程代码执行漏洞(CVE-2023-51467) | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [app="Apache_OFBiz"](https://en.fofa.info/result?qbase64=Y2VydD0iT3JnYW5pemF0aW9uYWwgVW5pdDogQXBhY2hlIE9GQml6IiB8fCAoYm9keT0id3d3Lm9mYml6Lm9yZyIgJiYgYm9keT0iL2ltYWdlcy9vZmJpel9wb3dlcmVkLmdpZiIpIHx8IGhlYWRlcj0iU2V0LUNvb2tpZTogT0ZCaXouVmlzaXRvciIgfHwgYmFubmVyPSJTZXQtQ29va2llOiBPRkJpei5WaXNpdG9yIg%3D%3D) | | **Number of assets affected** | 5912 | | **Description** |Apache OFBiz is an open source enterprise resource planning (ERP) system that provides a variety of business functions and modules.Apache OFBiz has a code execution vulnerability in webtools/control/ProgramExport. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server. | | **Impact** | Apache OFBiz has a code execution vulnerability in webtools/control/ProgramExport. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server. 
| ![](https://s3.bmp.ovh/imgs/2023/12/28/f81ea49af8383f1b.gif) ## Apache OFBiz webtools/control/xmlrpc Remote Code Execution Vulnerability (CVE-2023-49070) | **Vulnerability** | Apache OFBiz webtools/control/xmlrpc Remote Code Execution Vulnerability (CVE-2023-49070) | | :----: | :-----| | **Chinese name** | Apache OFBiz webtools/control/xmlrpc 远程代码执行漏洞(CVE-2023-49070) | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [app="Apache_OFBiz"](https://en.fofa.info/result?qbase64=Y2VydD0iT3JnYW5pemF0aW9uYWwgVW5pdDogQXBhY2hlIE9GQml6IiB8fCAoYm9keT0id3d3Lm9mYml6Lm9yZyIgJiYgYm9keT0iL2ltYWdlcy9vZmJpel9wb3dlcmVkLmdpZiIpIHx8IGhlYWRlcj0iU2V0LUNvb2tpZTogT0ZCaXouVmlzaXRvciIgfHwgYmFubmVyPSJTZXQtQ29va2llOiBPRkJpei5WaXNpdG9yIg%3D%3D) | | **Number of assets affected** | 5883 | | **Description** | Apache OFBiz is an open source enterprise resource planning (ERP) system that provides a variety of business functions and modules.Apache OFBiz has a deserialization code execution vulnerability in webtools/control/xmlrpc. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server. | | **Impact** | Apache OFBiz has a deserialization code execution vulnerability in webtools/control/xmlrpc. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server. 
| ![](https://s3.bmp.ovh/imgs/2023/12/07/a73e0ef58369cbd8.gif) ## CrushFTP as2-to Authentication Permission bypass Vulnerability (CVE-2023-43177) | **Vulnerability** | CrushFTP as2-to Authentication Permission bypass Vulnerability (CVE-2023-43177) | | :----: | :-----| | **Chinese name** | CrushFTP as2-to 认证权限绕过漏洞(CVE-2023-43177) | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [app="crushftp-WebInterface"](https://en.fofa.info/result?qbase64=c2VydmVyPSJDcnVzaEZUUCIgfHwgaGVhZGVyPSIvV2ViSW50ZXJmYWNlL2xvZ2luLmh0bWwiIHx8IGJhbm5lcj0iL1dlYkludGVyZmFjZS9sb2dpbi5odG1sIiB8fCBoZWFkZXI9Ii9XZWJJbnRlcmZhY2UvdzNjL3AzcC54bWwiIHx8IGJhbm5lcj0iL1dlYkludGVyZmFjZS93M2MvcDNwLnhtbCIgfHwgdGl0bGU9IkNydXNoRlRQIg%3D%3D) | | **Number of assets affected** | 38695 | | **Description** | CrushFTP is a powerful file transfer server suitable for secure and efficient file transfer and management for individual or enterprise users. CrushFTP has a permission bypass vulnerability: attackers can bypass system permission control by constructing a malicious as2-to authentication request, allowing arbitrary malicious operations such as reading and deleting files. | | **Impact** | CrushFTP has a permission bypass vulnerability: attackers can bypass system permission control by constructing a malicious as2-to authentication request, allowing arbitrary malicious operations such as reading and deleting files. 
| ![](https://s3.bmp.ovh/imgs/2023/11/30/8d49b65293d87b3a.gif) ## Splunk Enterprise XSLT Command Execute Vulnerability (CVE-2023-46214) | **Vulnerability** | Splunk Enterprise XSLT Command Execute Vulnerability (CVE-2023-46214) | | :----: | :-----| | **Chinese name** | Splunk Enterprise XSLT 命令执行漏洞(CVE-2023-46214) | | **CVSS core** | 8.0 | | **FOFA Query** (click to view the results directly)| [app="splunk-Enterprise"](https://en.fofa.info/result?qbase64=Ym9keT0iX19zcGx1bmtkX3BhcnRpYWxzX18iICB8fCAoaGVhZGVyPSJTZXQtQ29va2llOiBzcGx1bmt3ZWJfdWlkPSIgJiYgYm9keT0iZW50ZXJwcmlzZSIp)| | **Number of assets affected** | 134567 | | **Description** | Splunk Enterprise is a data collection and analysis software developed by Splunk Corporation in the United States. This software is mainly used for collecting, indexing, and analyzing the data it generates, including data generated by all IT systems and infrastructure (physical, virtual machines, and cloud).Splunk Enterprise has a command execution vulnerability that does not securely clean up user provided Extensible Stylesheet Language Transformations (XSLTs). Attackers can exploit this vulnerability to upload malicious XSLTs and remotely execute commands on Splunk Enterprise instances. | | **Impact** | Splunk Enterprise has a command execution vulnerability that does not securely clean up user provided Extensible Stylesheet Language Transformations (XSLTs). Attackers can exploit this vulnerability to upload malicious XSLTs and remotely execute commands on Splunk Enterprise instances. 
| ![](https://s3.bmp.ovh/imgs/2023/11/27/4f67b965b611da68.gif) ## SysAid userentry file upload vulnerability (CVE-2023-47246) | **Vulnerability** | SysAid userentry file upload vulnerability (CVE-2023-47246) | | :----: | :-----| | **Chinese name** | SysAid userentry 文件上传漏洞(CVE-2023-47246) | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [ app="SysAid-Help-Desk"](https://en.fofa.info/result?qbase64=Ym9keT0ic3lzYWlkLWxvZ28tZGFyay1ncmVlbi5wbmciIHx8IHRpdGxlPSJTeXNBaWQgSGVscCBEZXNrIFNvZnR3YXJlIiB8fCBib2R5PSJIZWxwIERlc2sgc29mdHdhcmUgPGEgaHJlZj1cImh0dHA6Ly93d3cuc3lzYWlkLmNvbVwiPmJ5IFN5c0FpZDwvYT4i)| | **Number of assets affected** | 1819 | | **Description** | SysAid is an information technology (IT) service management and help desk solution designed to help organizations more effectively manage their IT infrastructure, help desk support and user needs. SysAid provides a series of functions, including fault reporting, asset management, problem management, change management, knowledge base, automated workflow, etc., to help enterprises improve the efficiency and quality of IT services.SysAid has a file upload vulnerability in userentry. An attacker can use the file upload vulnerability to execute malicious code, write backdoors, and read sensitive files, which may cause the server to be attacked and controlled. | | **Impact** | SysAid has a file upload vulnerability in userentry. An attacker can use the file upload vulnerability to execute malicious code, write backdoors, and read sensitive files, which may cause the server to be attacked and controlled. 
| ![](https://s3.bmp.ovh/imgs/2023/11/15/105d49cb7220f659.gif) ## Honeywell PM43 loadfile.lp file command execution vulnerability (CVE-2023-3710) | **Vulnerability** | Honeywell PM43 loadfile.lp file command execution vulnerability (CVE-2023-3710) | | :----: | :-----| | **Chinese name** | Honeywell PM43 loadfile.lp 文件命令执行漏洞(CVE-2023-3710) | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [app="Honeywell PM43 "](https://en.fofa.info/result?qbase64=aGVhZGVyPSJQTTQzIiB8fCBiYW5uZXI9IlBNNDMiIHx8IHRpdGxlPSJQTTQzIiB8fCBib2R5PSIvbWFpbi9sb2dpbi5sdWE%2FcGFnZWlkPUNvbmZpZ3VyZSI%3D)| | **Number of assets affected** | 96 | | **Description** | The Honeywell PM43 is a printer product of the American company Honeywell. Honeywell PM43P10.19.050004 and earlier versions have an input validation error vulnerability: attackers can execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server. | | **Impact** | Honeywell PM43P10.19.050004 and earlier versions have an input validation error vulnerability: attackers can execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server. 
| ![](https://s3.bmp.ovh/imgs/2023/10/17/ff602decce69f83b.gif) ## JetBrains TeamCity remote command execution vulnerability (CVE-2023-42793) | **Vulnerability** | JetBrains TeamCity remote command execution vulnerability (CVE-2023-42793) | | :----: | :-----| | **Chinese name** | JetBrains TeamCity 远程命令执行漏洞(CVE-2023-42793) | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [app="JET_BRAINS-TeamCity"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJUZWFtY2l0eSIgfHwgYmFubmVyPSJUZWFtY2l0eSIgfHwgdGl0bGU9IlRlYW1DaXR5IiB8fCBib2R5PSJjb250ZW50PVwiVGVhbUNpdHkgKExvZyBpbiB0byBUZWFtQ2l0eSI%3D)| | **Number of assets affected** | 26963 | | **Description** | JetBrains TeamCity is a general CI/CD software platform developed by JetBrains.JetBrains TeamCity can obtain the valid token of the corresponding id user by accessing the /app/rest/users/{{id}}/tokens/RPC2 endpoint. Accessing the restricted endpoint with the admin token will cause remote command execution or the creation of a background administrator user. | | **Impact** | JetBrains TeamCity can obtain the valid token of the corresponding id user by accessing the /app/rest/users/{{id}}/tokens/RPC2 endpoint. Accessing the restricted endpoint with the admin token will cause remote command execution or the creation of a background administrator user. 
| ![](https://s3.bmp.ovh/imgs/2023/10/13/d46d67aca09ab4ae.gif) ## JeeSpringCloud uploadFile.jsp file upload vulnerability | **Vulnerability** | JeeSpringCloud uploadFile.jsp file upload vulnerability | | :----: | :-----| | **Chinese name** | JeeSpringCloud uploadFile.jsp 文件上传漏洞 | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [app="JeeSpringCloud"](https://en.fofa.info/result?qbase64=Ym9keT0iL2plZVNwcmluZ1N0YXRpYy9wbHVncy9qcXVlcnkvanF1ZXJ5IiB8fCBoZWFkZXI9ImNvbS5qZWVzcHJpbmcuc2Vzc2lvbi5pZCIgfHwgaGVhZGVyPSJjb20uamVlc3ByaW5nLnNlc3Npb24uaWQi)| | **Number of assets affected** | 282 | | **Description** | JeeSpringCloud is a free and open source Java Internet cloud rapid development platform.JeeSpringCloud can upload any file by accessing /static/uploadify/uploadFile.jsp and specify the file upload path through the ?uploadPath parameter, causing the server to be controlled. | | **Impact** | An attacker can use this vulnerability to write a backdoor on the server side, execute code, obtain server permissions, and then control the entire web server. 
| ![](https://s3.bmp.ovh/imgs/2023/10/12/800e0ccfe95d6cbb.gif) ## Atlassian Confluence permission bypass vulnerability (CVE-2023-22515) | **Vulnerability** | Atlassian Confluence permission bypass vulnerability (CVE-2023-22515) | | :----: | :-----| | **Chinese name** | Atlassian Confluence 权限绕过漏洞(CVE-2023-22515) | | **CVSS core** | 10.0 | | **FOFA Query** (click to view the results directly)| [app="ATLASSIAN-Confluence"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJDb25mbHVlbmNlIiB8fCBiYW5uZXI9IkNvbmZsdWVuY2UiIHx8IGJvZHk9ImNvbmZsdWVuY2UtYmFzZS11cmwiIHx8IGJvZHk9ImNvbS1hdGxhc3NpYW4tY29uZmx1ZW5jZSIgfHwgIHRpdGxlPSJBdGxhc3NpYW4gQ29uZmx1ZW5jZSIgfHwgKHRpdGxlPT0iRXJyb3JzIiAmJiBib2R5PSJDb25mbHVlbmNlIik%3D)| | **Number of assets affected** | 97667 | | **Description** | Atlassian Confluence is enterprise wiki (collaboration) software developed by Atlassian. A vulnerability exists in Atlassian Confluence Data Center and Server. The /server-info.action endpoint can be used to pass the bootstrapStatusProvider.applicationConfig.setupComplete parameter, leaving the server in an incomplete state in which an attacker can access restricted endpoints, create unauthorized Confluence administrator accounts, and log in to the Confluence instance backend. | | **Impact** | A vulnerability exists in Atlassian Confluence Data Center and Server. The /server-info.action endpoint can be used to pass the bootstrapStatusProvider.applicationConfig.setupComplete parameter, leaving the server in an incomplete state in which an attacker can access restricted endpoints, create unauthorized Confluence administrator accounts, and log in to the Confluence instance backend. 
| ![](https://s3.bmp.ovh/imgs/2023/10/11/c0c440512d0c5ee2.gif) ## Junos webauth_operation.php PHPRC Code Execution Vulnerability (CVE-2023-36845/CVE-2023-36846) | **Vulnerability** | Junos webauth_operation.php PHPRC Code Execution Vulnerability (CVE-2023-36845/CVE-2023-36846) | | :----: | :-----| | **Chinese name** | Junos webauth_operation.php PHPRC 代码执行漏洞(CVE-2023-36845/CVE-2023-36846) | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [app="JUNIPer-Web-Device-Manager"](https://en.fofa.info/result?qbase64=IHRpdGxlPSJKdW5pcGVyIFdlYiBEZXZpY2UgTWFuYWdlciIgfHwgYmFubmVyPSJqdW5pcGVyIiB8fCBoZWFkZXI9Imp1bmlwZXIiIHx8IGJvZHk9InN2ZzRldmVyeWJvZHkvc3ZnNGV2ZXJ5Ym9keS5qcyIgfHwgYm9keT0ianVuaXBlci5uZXQvdXMvZW4vbGVnYWwtbm90aWNlcyIgfHwgYm9keT0ibmF0aXZlbG9naW5fbG9naW5fY3JlZGVudGlhbHMi)| | **Number of assets affected** | 43627 | | **Description** | Junos is a reliable, high-performance network operating system from Juniper Networks.An attacker can use the J-Web service of the Junos operating system to pass in the PHPRC environment variable, turn on the allow_url_include setting, run the incoming encoded PHP code, and gain control of the entire web server. | | **Impact** | Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. 
| ![](https://s3.bmp.ovh/imgs/2023/10/11/3e4434d6602a32a6.gif) ## Apache Superset Cookie Permission Bypass Vulnerability (CVE-2023-30776) | **Vulnerability** | Apache Superset Cookie Permission Bypass Vulnerability (CVE-2023-30776) | | :----: | :-----| | **Chinese name** | Apache Superset Cookie 权限绕过漏洞(CVE-2023-27524) | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [app="APACHE-Superset"](https://en.fofa.info/result?qbase64=KHRpdGxlPSJTdXBlcnNldCIgJiYgKGJvZHk9ImFwcGJ1aWxkZXIiIHx8IGJvZHk9IjxpbWcgc3JjPVwiaHR0cHM6Ly9qb2luc3VwZXJzZXQuY29tL2ltZy9zdXBlcnNldGxvZ292ZWN0b3Iuc3ZnIikpIHx8IGJvZHk9IjxhIGhyZWY9XCJodHRwczovL21hbmFnZS5hcHAtc2R4LnByZXNldC5pb1wiIGNsYXNzPVwiYnV0dG9uXCI%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%3D%3D)| | **Number of assets affected** | 56089 | | **Description** | Apache Superset is an open source modern data exploration and visualization platform.Apache Superset Cookie has a permission bypass vulnerability that allows an attacker to control the entire system, ultimately leaving the system in an extremely unsafe state. | | **Impact** | Apache Superset Cookie has a permission bypass vulnerability that allows an attacker to control the entire system, ultimately leaving the system in an extremely unsafe state. | ![](https://s3.bmp.ovh/imgs/2023/10/10/ec147824884d3597.gif) ## Cockpit assetsmanager/upload file upload vulnerability (CVE-2023-1313) | **Vulnerability** | Cockpit assetsmanager/upload file upload vulnerability (CVE-2023-1313) | | :----: | :-----| | **Chinese name** | Cockpit assetsmanager/upload 文件上传漏洞(CVE-2023-1313) | | **CVSS core** | 7.2 | | **FOFA Query** (click to view the results directly)| [title="Authenticate Please!" 
\|\| body="password:this.refs.password.value" \|\| body="UIkit.components.formPassword.prototype.defaults.lblShow" \|\| body="App.request('/auth/check'"](https://en.fofa.info/result?qbase64=dGl0bGU9IkF1dGhlbnRpY2F0ZSBQbGVhc2UhIiB8fCBib2R5PSJwYXNzd29yZDp0aGlzLnJlZnMucGFzc3dvcmQudmFsdWUiIHx8IGJvZHk9IlVJa2l0LmNvbXBvbmVudHMuZm9ybVBhc3N3b3JkLnByb3RvdHlwZS5kZWZhdWx0cy5sYmxTaG93IiB8fCBib2R5PSJBcHAucmVxdWVzdCgnL2F1dGgvY2hlY2snIg%3D%3D)| | **Number of assets affected** | 3185 | | **Description** | Cockpit is a self-hosted, flexible and user-friendly headless content platform for creating custom digital experiences.Cockpit has a file upload vulnerability, which allows attackers to upload arbitrary files, leading to server control, etc. | | **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. | ![](https://s3.bmp.ovh/imgs/2023/09/29/7fa28d36837b1e06.gif) ## Revive Adserver adxmlrpc.php Remote Code Execution Vulnerability (CVE-2019-5434) | **Vulnerability** | Revive Adserver adxmlrpc.php Remote Code Execution Vulnerability (CVE-2019-5434) | | :----: | :-----| | **Chinese name** | Revive Adserver 广告管理系统 adxmlrpc.php 文件远程代码执行漏洞(CVE-2019-5434) | | **CVSS core** | 9.0 | | **FOFA Query** (click to view the results directly)| [title="Revive Adserver" \|\| body="strPasswordMinLength" \|\| body="Welcome to Revive Adserver"](https://en.fofa.info/result?qbase64=dGl0bGU9IlJldml2ZSBBZHNlcnZlciIgfHwgYm9keT0ic3RyUGFzc3dvcmRNaW5MZW5ndGgiIHx8IGJvZHk9IldlbGNvbWUgdG8gUmV2aXZlIEFkc2VydmVyIg%3D%3D)| | **Number of assets affected** | 5667 | | **Description** | Revive Adserver is an open source advertising management system developed by the Revive Adserver team. 
The system provides functions such as advertising placement, advertising space management, and data statistics.The delivery XML-RPC script in versions prior to Revive Adserver 4.2.0 has a code problem vulnerability, and an attacker can execute arbitrary code to obtain server permissions. | | **Impact** | The delivery XML-RPC script in versions prior to Revive Adserver 4.2.0 has a code problem vulnerability, and an attacker can execute arbitrary code to obtain server permissions. 
| ![](https://s3.bmp.ovh/imgs/2023/09/25/74874bad3ffe8fc6.gif) ## Weaver E-office flow_xml.php file SORT_ID parameter SQL injection vulnerability | **Vulnerability** | Weaver E-office flow_xml.php file SORT_ID parameter SQL injection vulnerability | | :----: | :-----| | **Chinese name** | 泛微 E-office flow_xml.php 文件 SORT_ID 参数 SQL 注入漏洞 | | **CVSS core** | 7.8 | | **FOFA Query** (click to view the results directly)| [body="href=\"/eoffice" \|\| body="/eoffice10/client" \|\| body="eoffice_loading_tip" \|\| body="eoffice_init" \|\| header="general/login/index.php" \|\| banner="general/login/index.php" \|\| body="/general/login/view//images/updateLoad.gif" \|\| (body="szFeatures" && body="eoffice") \|\| header="eOffice" \|\| banner="eOffice"](https://en.fofa.info/result?qbase64=Ym9keT0iaHJlZj1cIi9lb2ZmaWNlIiB8fCBib2R5PSIvZW9mZmljZTEwL2NsaWVudCIgfHwgYm9keT0iZW9mZmljZV9sb2FkaW5nX3RpcCIgfHwgYm9keT0iZW9mZmljZV9pbml0IiB8fCBoZWFkZXI9ImdlbmVyYWwvbG9naW4vaW5kZXgucGhwIiB8fCBiYW5uZXI9ImdlbmVyYWwvbG9naW4vaW5kZXgucGhwIiB8fCBib2R5PSIvZ2VuZXJhbC9sb2dpbi92aWV3Ly9pbWFnZXMvdXBkYXRlTG9hZC5naWYiIHx8IChib2R5PSJzekZlYXR1cmVzIiAmJiBib2R5PSJlb2ZmaWNlIikgfHwgaGVhZGVyPSJlT2ZmaWNlIiB8fCBiYW5uZXI9ImVPZmZpY2Ui)| | **Number of assets affected** | 21632 | | **Description** | Weaver e-office is an OA product for small and medium-sized organizations, developed by Weaver Network Technology Co., LTD.There is an SQL injection vulnerability in flow_xml.php, which can be used by attackers to obtain information in the database (for example, administrator background password, site user personal information). | | **Impact** | An attacker can exploit the SQL injection vulnerability to obtain information from the database (for example, administrator background passwords, site user personal information). 
| ![](https://s3.bmp.ovh/imgs/2023/09/25/6a416f12923360a7.gif) ## GJP SelectImage.aspx file upload vulnerability | **Vulnerability** | GJP SelectImage.aspx file upload vulnerability | | :----: | :-----| | **Chinese name** | 管家婆订货易在线商城 SelectImage.aspx 文件上传漏洞 | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [title="订货易"](https://en.fofa.info/result?qbase64=dGl0bGU9Iuiuoui0p%2BaYkyI%3D) | | **Number of assets affected** | 2617 | | **Description** | Renwoxing took the lead in launching the Guanjiapo purchase, sales, inventory and financial integration software for small and medium-sized enterprises.There is a SelectImage.aspx arbitrary file upload vulnerability in the Guanjiapo Ordering Online Mall. An attacker can use this vulnerability to control the entire system, ultimately causing the system to be in an extremely unsafe state. | | **Impact** | An attacker can take control of the entire system through this vulnerability, ultimately leaving the system in an extremely unsafe state. 
| ![](https://s3.bmp.ovh/imgs/2023/09/15/68d54cb7ae080127.gif) ## Junos webauth_operation.php File Upload Vulnerability (CVE-2023-36844) | **Vulnerability** | Junos webauth_operation.php File Upload Vulnerability (CVE-2023-36844) | | :----: | :-----| | **Chinese name** | Junos webauth_operation.php 文件上传漏洞(CVE-2023-36844) | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [title="Juniper Web Device Manager" \|\| banner="juniper" \|\| header="juniper" \|\| body="svg4everybody/svg4everybody.js" \|\| body="juniper.net/us/en/legal-notices" \|\| body="nativelogin_login_credentials"](https://en.fofa.info/result?qbase64=dGl0bGU9Ikp1bmlwZXIgV2ViIERldmljZSBNYW5hZ2VyIiB8fCBiYW5uZXI9Imp1bmlwZXIiIHx8IGhlYWRlcj0ianVuaXBlciIgfHwgYm9keT0ic3ZnNGV2ZXJ5Ym9keS9zdmc0ZXZlcnlib2R5LmpzIiB8fCBib2R5PSJqdW5pcGVyLm5ldC91cy9lbi9sZWdhbC1ub3RpY2VzIiB8fCBib2R5PSJuYXRpdmVsb2dpbl9sb2dpbl9jcmVkZW50aWFscyI%3D) | | **Number of assets affected** | 47518 | | **Description** | Junos is a reliable, high-performance network operating system from Juniper Networks.An attacker can use the J-Web service /webauth_operation.php route of the Junos operating system to upload a php webshell, include it through the ?PHPRC parameter, and gain control of the entire web server. | | **Impact** | Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. 
| ![](https://s3.bmp.ovh/imgs/2023/09/14/58f32076aab47bc2.gif) ## Weaver ecology XmlRpcServlet Path File Read Vulnerability | **Vulnerability** | **Weaver ecology XmlRpcServlet Path File Read Vulnerability** | | :----: | :-----| | **Chinese name** | 泛微 e-cology XmlRpcServlet 接口文件读取漏洞 | | **CVSS core** | 7.8 | | **FOFA Query** (click to view the results directly)| [((body="szFeatures" && body="redirectUrl") \|\| (body="rndData" && body="isdx") \|\| (body="typeof poppedWindow" && body="client/jquery.client_wev8.js") \|\| body="/theme/ecology8/jquery/js/zDialog_wev8.js" \|\| body="ecology8/lang/weaver_lang_7_wev8.js" \|\| body="src=\"/js/jquery/jquery_wev8.js" \|\| (header="Server: WVS" && (title!="404 Not Found" && header!="404 Not Found"))) && header!="testBanCookie" && header!="Couchdb" && header!="JoomlaWor" && body!="28ZE"](https://en.fofa.info/result?qbase64=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%2BMjhaRTwvdGl0bGU%2BIg%3D%3D) | | **Number of assets affected** | 111321 | | **Description** | Weaver e-cology is an OA office system specifically designed for large and medium-sized enterprises, supporting simultaneous work on PC, mobile, and WeChat platforms.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website. | | **Impact** | Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website. 
| ![](https://s3.bmp.ovh/imgs/2023/09/07/af06beef9479a1c1.gif) ## UF U8 Cloud upload.jsp file upload vulnerability | **Vulnerability** | **UF U8 Cloud upload.jsp file upload vulnerability** | | :----: | :-----| | **Chinese name** | 用友 U8 Cloud upload.jsp 文件上传漏洞 | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [body="开启U8 cloud云端之旅"](https://en.fofa.info/result?qbase64=Ym9keT0i5byA5ZCvVTggY2xvdWTkupHnq6%2FkuYvml4Ui) | | **Number of assets affected** | 13473 | | **Description** | Yonyou U8 cloud is a cloud ERP developed by Yonyou. There is a file upload vulnerability in Yonyou U8 upload.jsp, which can be exploited by attackers to gain server privileges. | | **Impact** | Attackers can use this vulnerability to upload files, execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. | ![](https://s3.bmp.ovh/imgs/2023/09/06/407cf745d8210300.gif) ## Ruijie EWEB Network Management System flwo.control.php type Arbitrary Command Execution Vulnerability | **Vulnerability** | **Ruijie EWEB Network Management System flwo.control.php type Arbitrary Command Execution Vulnerability** | | :----: | :-----| | **Chinese name** | Ruijie-EWEB 网管系统 flwo.control.php 文件 type 参数任意命令执行漏洞 | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [(body="锐捷网络" && body="login.getDeviceInfo") \|\| title="锐捷网络-EWEB网管系统"](https://en.fofa.info/result?qbase64=KGJvZHk9IjxzcGFuIGNsYXNzPVwicmVzb3VyY2VcIiBtYXJrPVwibG9naW4uY29weVJpZ2h0XCI%2B6ZSQ5o23572R57ucPC9zcGFuPiIgJiYgYm9keT0ibG9naW4uZ2V0RGV2aWNlSW5mbyIpIHx8IHRpdGxlPSLplJDmjbfnvZHnu5wtRVdFQue9keeuoeezu%2Be7nyI%3D) | | **Number of assets affected** | 11544 | | **Description** | Ruijie Network Management System is a new generation of cloud based network management software developed by Beijing Ruijie Data Era Technology Co., Ltd. 
With the slogan of "Innovative Network Management and Information Security in the Data Age", it is positioned as a unified solution for terminal security, IT operations, and enterprise service-oriented management. Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. | | **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. | ![](https://s3.bmp.ovh/imgs/2023/09/06/3fa09e24d0bce4cb.gif) ## Adobe ColdFusion WDDX JGroups remote code execution vulnerability | **Vulnerability** | **Adobe ColdFusion WDDX JGroups remote code execution vulnerability** | | :----: | :-----| | **Chinese name** | Adobe ColdFusion WDDX JGroups 远程代码执行漏洞 | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [body="/cfajax/" \|\| header="CFTOKEN" \|\| banner="CFTOKEN" \|\| body="ColdFusion.Ajax" \|\| body="&lt;cfscript&gt;" \|\| server="ColdFusion" \|\| title="ColdFusion" \|\| (body="crossdomain.xml" && body="CFIDE") \|\| (body="#000808" && body="#e7e7e7")](https://en.fofa.info/result?qbase64=Ym9keT0iL2NmYWpheC8iIHx8IGhlYWRlcj0iQ0ZUT0tFTiIgfHwgYmFubmVyPSJDRlRPS0VOIiB8fCBib2R5PSJDb2xkRnVzaW9uLkFqYXgiIHx8IGJvZHk9IjxjZnNjcmlwdD4iIHx8IHNlcnZlcj0iQ29sZEZ1c2lvbiIgfHwgdGl0bGU9IkNvbGRGdXNpb24iIHx8IChib2R5PSJjcm9zc2RvbWFpbi54bWwiICYmIGJvZHk9IkNGSURFIikgfHwgKGJvZHk9IiMwMDA4MDgiICYmIGJvZHk9IiNlN2U3ZTciKQ%3D%3D) | | **Number of assets affected** | 567468 | | **Description** | Adobe ColdFusion is a commercial application server developed by Adobe for web applications. An attacker can send untrusted serialized data to the ColdFusion server and trigger deserialization, thereby executing arbitrary code. | | **Impact** | An attacker can use this vulnerability to execute code on the server, obtain server permissions, and then control the entire web server. 
| ![](https://s3.bmp.ovh/imgs/2023/09/05/459741d98c251494.gif) ## Adobe ColdFusion WDDX C3P0 remote code execution vulnerability | **Vulnerability** | **Adobe ColdFusion WDDX C3P0 remote code execution vulnerability** | | :----: | :-----| | **Chinese name** | Adobe ColdFusion WDDX C3P0 远程代码执行漏洞 | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [body="/cfajax/" \|\| header="CFTOKEN" \|\| banner="CFTOKEN" \|\| body="ColdFusion.Ajax" \|\| body="&lt;cfscript&gt;" \|\| server="ColdFusion" \|\| title="ColdFusion" \|\| (body="crossdomain.xml" && body="CFIDE") \|\| (body="#000808" && body="#e7e7e7")](https://en.fofa.info/result?qbase64=Ym9keT0iL2NmYWpheC8iIHx8IGhlYWRlcj0iQ0ZUT0tFTiIgfHwgYmFubmVyPSJDRlRPS0VOIiB8fCBib2R5PSJDb2xkRnVzaW9uLkFqYXgiIHx8IGJvZHk9IjxjZnNjcmlwdD4iIHx8IHNlcnZlcj0iQ29sZEZ1c2lvbiIgfHwgdGl0bGU9IkNvbGRGdXNpb24iIHx8IChib2R5PSJjcm9zc2RvbWFpbi54bWwiICYmIGJvZHk9IkNGSURFIikgfHwgKGJvZHk9IiMwMDA4MDgiICYmIGJvZHk9IiNlN2U3ZTciKQ%3D%3D) | | **Number of assets affected** | 567468 | | **Description** | Adobe ColdFusion is a commercial application server developed by Adobe for web applications. An attacker can send untrusted serialized data to the ColdFusion server and trigger deserialization, thereby executing arbitrary code. | | **Impact** | An attacker can use this vulnerability to execute code on the server, obtain server permissions, and then control the entire web server. 
| ## Dahua Smart Park Integrated Management Platform searchJson SQL injection vulnerability | **Vulnerability** | **Dahua Smart Park Integrated Management Platform searchJson SQL injection vulnerability** | | :----: | :-----| | **Chinese name** | 大华智慧园区综合管理平台 searchJson SQL 注入漏洞 | | **CVSS core** | 8.2 | | **FOFA Query** (click to view the results directly)| [body="src=\\"/WPMS/asset/common/js/jsencrypt.min.js\'"](https://en.fofa.info/result?qbase64=Ym9keT0ic3JjPVwiL1dQTVMvYXNzZXQvY29tbW9uL2pzL2pzZW5jcnlwdC5taW4uanMnIg%3D%3D) | | **Number of assets affected** | 5415 | | **Description** | Dahua Smart Park Integrated Management Platform is a comprehensive management platform for smart parks built to provide security and efficient management of general public buildings. By integrating Dahua’s experience and cutting-edge technologies in the field of security and intelligence, it integrates video, access control, alarm, parking lot, attendance, visitor, video intercom, information release and other business subsystems to provide customers with a set of integrated, efficient, open, flexible and scalable platform software products, forming a comprehensive security solution for the six major areas of "public management, infrastructure, economic development, ecological protection, security, and social services". There is a sql injection vulnerability in the comprehensive management platform of Dahua Smart Park. In addition to using the SQL injection vulnerability to obtain information in the database (for example, administrator background passwords, personal information of site users), attackers can even write Trojan horses into the server under high-privilege conditions to further obtain server system permissions. 
| | **Impact** | In addition to using the SQL injection vulnerability to obtain information in the database (for example, administrator background passwords, personal information of site users), attackers can even write Trojan horses into the server under high-privilege conditions to further obtain server system permissions. | ## Dahua Smart Park Integrated Management Platform source/publishing/publishing/material/file/video File Upload Vulnerability | **Vulnerability** | **Dahua Smart Park Integrated Management Platform source/publishing/publishing/material/file/video File Upload Vulnerability** | | :----: | :-----| | **Chinese name** | 大华智慧园区综合管理平台 source/publishing/publishing/material/file/video 文件上传漏洞 | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [body="src=\\"/WPMS/asset/common/js/jsencrypt.min.js\"](https://en.fofa.info/result?qbase64=Ym9keT0ic3JjPVwiL1dQTVMvYXNzZXQvY29tbW9uL2pzL2pzZW5jcnlwdC5taW4uanMi) | | **Number of assets affected** | 5420 | | **Description** | Dahua Smart Park Integrated Management Platform is a comprehensive management platform for smart parks, built to provide safe and efficient management for common public buildings. By integrating Dahua’s experience and cutting-edge technologies in the field of security and intelligence, it integrates video, access control, alarm, parking lot, attendance, visitor, video intercom, information release and other business subsystems, providing customers with a set of integrated, efficient, open, flexible and scalable platform software products, forming comprehensive security solutions in the six major areas of "public management, infrastructure, economic development, ecological protection, security, and social services". There is a file upload vulnerability in the Dahua Smart Park system /publishing/, which leads to the server being controlled. 
| | **Impact** | There is a file upload vulnerability in the comprehensive management platform of the smart park of Zhejiang Dahua Technology Co., Ltd. An attacker can use this vulnerability to obtain server permissions by uploading a specific configuration file. | ## SolarView Compact downloader.php RCE (CVE-2023-23333) | **Vulnerability** | **SolarView Compact downloader.php RCE (CVE-2023-23333)** | | :----: | :-----| | **Chinese name** | SolarView Compact downloader.php 任意命令执行漏洞(CVE-2023-23333) | | **CVSS core** | 10.0 | | **FOFA Query** (click to view the results directly)| [body="SolarView Compact"](https://en.fofa.info/result?qbase64=Ym9keT0iU29sYXJWaWV3IENvbXBhY3Qi) | | **Number of assets affected** | 4941 | | **Description** | There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. | | **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. | ![](https://s3.bmp.ovh/imgs/2023/07/31/9e95a65910332af8.gif) ## EMERSON-XWEB-EVO upload.cgi path Directory Traversal Vulnerability (CVE-2021-45427) | **Vulnerability** | **EMERSON-XWEB-EVO upload.cgi path Directory Traversal Vulnerability (CVE-2021-45427)** | | :----: | :-----| | **Chinese name** | EMERSON-XWEB-EVO upload.cgi 文件 path 参数目录遍历漏洞(CVE-2021-45427) | | **CVSS core** | 7.5 | | **FOFA Query** (click to view the results directly)| [body="src=\\"img/xweb-logo.png" \|\| body="src=\\"/css/images/Logo_XWEB_alpha.png"](https://en.fofa.info/result?qbase64=Ym9keT0ic3JjPVwiaW1nL3h3ZWItbG9nby5wbmciIHx8IGJvZHk9InNyYz1cIi9jc3MvaW1hZ2VzL0xvZ29fWFdFQl9hbHBoYS5wbmci) | | **Number of assets affected** | 15849 | | **Description** | Emerson XWEB 300D EVO is an energy-saving air conditioner of Emerson Company in the United States. 
Emerson XWEB 300D EVO 3.0.7 -- 3ee403 has a directory traversal vulnerability (CVE-2021-45427). An attacker may access some secret files including configuration files, logs, source codes, etc. by browsing the directory structure. With the comprehensive utilization of other vulnerabilities, the attacker can easily obtain higher permissions. | | **Impact** | Emerson XWEB 300D EVO is an energy-saving air conditioner of Emerson Company in the United States. Emerson XWEB 300D EVO 3.0.7 -- 3ee403 has a directory traversal vulnerability (CVE-2021-45427). An attacker may access some secret files including configuration files, logs, source codes, etc. by browsing the directory structure. With the comprehensive utilization of other vulnerabilities, the attacker can easily obtain higher permissions. | ## Acmailer init_ctl.cgi sendmail_path Remote Command Execution Vulnerability (CVE-2021-20617) | **Vulnerability** | **Acmailer init_ctl.cgi sendmail_path Remote Command Execution Vulnerability (CVE-2021-20617)** | | :----: | :-----| | **Chinese name** | Acmailer 邮件系统 init_ctl.cgi 文件 sendmail_path 参数远程命令执行漏洞(CVE-2021-20617) | | **CVSS core** | 9.0 | | **FOFA Query** (click to view the results directly)| [body="CGI acmailer"](https://en.fofa.info/result?qbase64=Ym9keT0iQ0dJIGFjbWFpbGVyIg%3D%3D) | | **Number of assets affected** | 557 | | **Description** | Acmailer is a CGI software used to support mail services. Acmailer 4.0.2 and earlier versions have a security vulnerability. The vulnerability is due to the fact that init_ctl.cgi does not strictly verify input parameters, and attackers can execute arbitrary commands to obtain server permissions. | | **Impact** | Acmailer 4.0.2 and earlier versions have a security vulnerability. The vulnerability is due to the fact that init_ctl.cgi does not strictly verify input parameters, and attackers can execute arbitrary commands to obtain server permissions. 

## Acmailer enq_form.cgi Authentication Bypass Vulnerability (CVE-2021-20618)

| **Vulnerability** | **Acmailer enq_form.cgi Authentication Bypass Vulnerability (CVE-2021-20618)** |
| :----: | :-----|
| **Chinese name** | Acmailer 邮件系统 enq_form.cgi 认证绕过漏洞(CVE-2021-20618) |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="CGI acmailer"](https://en.fofa.info/result?qbase64=Ym9keT0iQ0dJIGFjbWFpbGVyIg%3D%3D) |
| **Number of assets affected** | 552 |
| **Description** | Acmailer is a CGI software used to support mail services. Acmailer 4.0.2 and earlier versions have security vulnerabilities, which allow remote attackers to bypass authentication and gain administrative privileges. |
| **Impact** | Acmailer 4.0.2 and earlier versions have security vulnerabilities, which allow remote attackers to bypass authentication and gain administrative privileges. |

## Frappe Framework frappe.core.doctype.data_import.data_import.get_preview_from_template import_file Arbitrary File Read Vulnerability (CVE-2022-41712)

| **Vulnerability** | **Frappe Framework frappe.core.doctype.data_import.data_import.get_preview_from_template import_file Arbitrary File Read Vulnerability (CVE-2022-41712)** |
| :----: | :-----|
| **Chinese name** | Frappe-Framework 框架 frappe.core.doctype.data_import.data_import.get_preview_from_template 文件 import_file 参数任意文件读取漏洞(CVE-2022-41712) |
| **CVSS core** | 6.5 |
| **FOFA Query** (click to view the results directly)| [body="" \|\| body="window.MetabaseLocalization = JSON.parse(document.getElementById(\"_metabaseLocalization\").textContent);") && body="window.MetabaseRoot = actualRoot;")](https://en.fofa.info/result?qbase64=dGl0bGU9PSJNZXRhYmFzZSIgfHwgKChib2R5PSI8c2NyaXB0IHR5cGU9XCJhcHBsaWNhdGlvbi9qc29uXCIgaWQ9XCJfbWV0YWJhc2VCb290c3RyYXBcIj4iIHx8IGJvZHk9IndpbmRvdy5NZXRhYmFzZUxvY2FsaXphdGlvbiA9IEpTT04ucGFyc2UoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoXCJfbWV0YWJhc2VMb2NhbGl6YXRpb25cIikudGV4dENvbnRlbnQpOyIpICYmIGJvZHk9IndpbmRvdy5NZXRhYmFzZVJvb3QgPSBhY3R1YWxSb290OyIp) |
| **Number of assets affected** | 66604 |
| **Description** | Metabase is an open source data analysis and visualization tool that helps users easily connect to various data sources, including databases, cloud services, and APIs, and then use an intuitive interface for data query, analysis, and visualization. A remote code execution vulnerability exists in Metabase that could allow an attacker to execute arbitrary code on a server running with Metabase server privileges. |
| **Impact** | A remote code execution vulnerability exists in Metabase that could allow an attacker to execute arbitrary code on a server running with Metabase server privileges. |

![](https://s3.bmp.ovh/imgs/2023/07/28/4a0b2c90aaf1b387.gif)

## Adobe Coldfusion remote code execution vulnerability (CVE-2023-38203)

| **Vulnerability** | **Adobe Coldfusion remote code execution vulnerability (CVE-2023-38203)** |
| :----: | :-----|
| **Chinese name** | Adobe ColdFusion 远程代码执行漏洞(CVE-2023-38203) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [(body="crossdomain.xml" && body="CFIDE") \|\| (body="#000808" && body="#e7e7e7")](https://en.fofa.info/result?qbase64=IChib2R5PSJjcm9zc2RvbWFpbi54bWwiICYmIGJvZHk9IkNGSURFIikgfHwgKGJvZHk9IiMwMDA4MDgiICYmIGJvZHk9IiNlN2U3ZTciKQ%3D%3D) |
| **Number of assets affected** | 3740 |
| **Description** | Adobe Coldfusion is a commercial application server developed by Adobe for web applications. An attacker can send untrusted serialized data to the Coldfusion server and trigger deserialization, thereby executing arbitrary code. |
| **Impact** | An attacker can execute code on the server through this vulnerability, obtain server permissions, and then control the entire web server. |

![](https://s3.bmp.ovh/imgs/2023/07/24/514d4dd7f7e3b52c.gif)

## SANGFOR-IOMS catjs.php File Read Vulnerability

| **Vulnerability** | **SANGFOR-IOMS catjs.php File Read Vulnerability** |
| :----: | :-----|
| **Chinese name** | 深信服上网优化管理系统 catjs.php 文件读取漏洞 |
| **CVSS core** | 6.0 |
| **FOFA Query** (click to view the results directly)| [title="SANGFOR上网优化管理"](https://en.fofa.info/result?qbase64=CXRpdGxlPSJTQU5HRk9S5LiK572R5LyY5YyW566h55CGIg%3D%3D) |
| **Number of assets affected** | 97 |
| **Description** | Deploying the Sangfor Internet optimization management system requires no adjustments, and transparent bridging mode is supported in organizational networks. At the same time, Intranet users can directly access the Internet without any changes and keep their original Internet access habits. This enables all data centers, links, and servers to be fully utilized. The catjs.php file has an arbitrary file read vulnerability, through which an attacker can download any file on the server and leak sensitive information of the server. |
| **Impact** | Attackers can use this vulnerability to read important server files, such as system configuration files, database configuration files, and so on, causing the website to be in an extremely insecure state. |

## Command Execution Vulnerability in Hikvision Operations Management Center

| **Vulnerability** | **Command Execution Vulnerability in Hikvision Operations Management Center** |
| :----: | :-----|
| **Chinese name** | 海康运行管理中心命令执行漏洞 |
| **CVSS core** | 9.6 |
| **FOFA Query** (click to view the results directly)| [header="X-Content-Type-Options: nosniff" && body="\<h1>Welcome to OpenResty!\</h1>" && header="X-Xss-Protection: 1; mode=block"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJYLUNvbnRlbnQtVHlwZS1PcHRpb25zOiBub3NuaWZmIiAmJiBib2R5PSI8aDE%2BV2VsY29tZSB0byBPcGVuUmVzdHkhPC9oMT4iICYmIGhlYWRlcj0iWC1Yc3MtUHJvdGVjdGlvbjogMTsgbW9kZT1ibG9jayI%3D) |
| **Number of assets affected** | 5905 |
| **Description** | Hikvision is a video-centric provider of intelligent IoT solutions and big data services. A command execution vulnerability exists in the operation and management center system of Hangzhou Hikvision Digital Technology Co. An attacker could use the vulnerability to gain server privileges. |
| **Impact** | The latest version has fixed the vulnerability; upgrade the system to the latest version: https://www.hikvision.com/cn/19th-asian-games/isecure-center/?q=%E6%B5%B7%E5%BA%B7%E5%9F%9F%E8%A7%81%E7%BB%BC%E5%90%88%E5%AE%89%E9%98%B2%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0 |

![](https://s3.bmp.ovh/imgs/2023/07/21/9e8983187d4816a8.gif)

## Netgod SecGate 3600 Firewall obj_area_import_save File Upload Vulnerability

| **Vulnerability** | **Netgod SecGate 3600 Firewall obj_area_import_save File Upload Vulnerability** |
| :----: | :-----|
| **Chinese name** | 网神 SecGate 3600 防火墙 obj_area_import_save 文件上传漏洞 |
| **CVSS core** | 10.0 |
| **FOFA Query** (click to view the results directly)| [title="网神SecGate 3600防火墙"](https://en.fofa.info/result?qbase64=CXRpdGxlPSLnvZHnpZ5TZWNHYXRlIDM2MDDpmLLngavlopki) |
| **Number of assets affected** | 725 |
| **Description** | Netgod SecGate 3600 firewall is a composite hardware firewall based on status detection packet filtering and application level agents. It is a new generation of professional firewall equipment specially developed for large and medium-sized enterprises, governments, military, universities and other users. It supports external attack prevention, internal network security, network access control, network traffic monitoring and bandwidth management, dynamic routing, web content filtering, email content filtering, IP conflict detection and other functions, and can effectively ensure the security of the network. The product provides flexible network routing/bridging capabilities and supports policy routing and multi-outlet link aggregation. It provides a variety of intelligent analysis and management methods, supports email alarm, supports log audit, provides comprehensive network management monitoring, and assists network administrators in completing network security management. There is a file upload vulnerability in SecGate 3600 firewall, which allows attackers to gain server control permissions. |
| **Impact** | There is a file upload vulnerability in SecGate 3600 firewall, which allows attackers to gain server control permissions. |

![](https://s3.bmp.ovh/imgs/2023/07/21/cfe7cdf43c6e18a4.gif)

## Netgod SecGate 3600 Firewall app_av_import_save File Upload Vulnerability

| **Vulnerability** | **Netgod SecGate 3600 Firewall app_av_import_save File Upload Vulnerability** |
| :----: | :-----|
| **Chinese name** | 网神 SecGate 3600 防火墙 app_av_import_save 文件上传漏洞 |
| **CVSS core** | 10.0 |
| **FOFA Query** (click to view the results directly)| [title="网神SecGate 3600防火墙"](https://en.fofa.info/result?qbase64=CXRpdGxlPSLnvZHnpZ5TZWNHYXRlIDM2MDDpmLLngavlopki) |
| **Number of assets affected** | 725 |
| **Description** | Netgod SecGate 3600 firewall is a composite hardware firewall based on status detection packet filtering and application level agents. It is a new generation of professional firewall equipment specially developed for large and medium-sized enterprises, governments, military, universities and other users. It supports external attack prevention, internal network security, network access control, network traffic monitoring and bandwidth management, dynamic routing, web content filtering, email content filtering, IP conflict detection and other functions, and can effectively ensure the security of the network. The product provides flexible network routing/bridging capabilities and supports policy routing and multi-outlet link aggregation. It provides a variety of intelligent analysis and management methods, supports email alarm, supports log audit, provides comprehensive network management monitoring, and assists network administrators in completing network security management. There is a file upload vulnerability in SecGate 3600 firewall, which allows attackers to gain server control permissions. |
| **Impact** | There is a file upload vulnerability in SecGate 3600 firewall, which allows attackers to gain server control permissions. |

![](https://s3.bmp.ovh/imgs/2023/07/21/66573e8f0df89d78.gif)

## Kingdee Apusic Application Server deployApp Arbitrary File Upload Vulnerability

| **Vulnerability** | **Kingdee Apusic Application Server deployApp Arbitrary File Upload Vulnerability** |
| :----: | :-----|
| **Chinese name** | Apusic应用服务器 deployApp 任意文件上传漏洞 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [title="Apusic应用服务器"](https://en.fofa.info/result?qbase64=dGl0bGU9IkFwdXNpY%2BW6lOeUqOacjeWKoeWZqCI%3D) |
| **Number of assets affected** | 232 |
| **Description** | Kingdee Apusic application server is the first pure Java application server in China with its own intellectual property rights following the J2EE standard. There is an arbitrary file upload vulnerability in the deployApp interface of the Kingdee Apusic application server. Attackers can use double slashes to bypass authentication and upload malicious compressed packages to take over server permissions. |
| **Impact** | There is an arbitrary file upload vulnerability in the deployApp interface of the Kingdee Apusic application server. Attackers can use double slashes to bypass authentication and upload malicious compressed packages to take over server permissions. |

## DOCBOX dynamiccontent.properties.xhtml Remote Code Execution Vulnerability

| **Vulnerability** | **DOCBOX dynamiccontent.properties.xhtml Remote Code Execution Vulnerability** |
| :----: | :-----|
| **Chinese name** | DOCBOX dynamiccontent.properties.xhtml 文件 cmd 参数远程代码执行漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="docbox.webapp"](https://en.fofa.info/result?qbase64=Ym9keT0iZG9jYm94LndlYmFwcCI%3D) |
| **Number of assets affected** | 657 |
| **Description** | DOCBOX is a solution that can improve healthcare, is easy to use, and is based on a secure, open system. There is a code execution vulnerability in the javax.faces.resource of the DOCBOX system, and an attacker can execute arbitrary code to obtain server permissions. |
| **Impact** | There is a code execution vulnerability in the javax.faces.resource of the DOCBOX system, and an attacker can execute arbitrary code to obtain server permissions. |

## Kingdee-EAS easWebClient Arbitrary File Download Vulnerability

| **Vulnerability** | **Kingdee-EAS easWebClient Arbitrary File Download Vulnerability** |
| :----: | :-----|
| **Chinese name** | 金蝶-EAS easWebClient 任意文件下载漏洞 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [body="easSessionId" \|\| header="easportal" \|\| header="eassso/login" \|\| banner="eassso/login" \|\| body="/eassso/common" \|\| (title="EAS系统登录" && body="金蝶")](https://en.fofa.info/result?qbase64=Ym9keT0iZWFzU2Vzc2lvbklkIiB8fCBoZWFkZXI9ImVhc3BvcnRhbCIgfHwgaGVhZGVyPSJlYXNzc28vbG9naW4iIHx8IGJhbm5lcj0iZWFzc3NvL2xvZ2luIiB8fCBib2R5PSIvZWFzc3NvL2NvbW1vbiIgfHwgKHRpdGxlPSJFQVPns7vnu5%2FnmbvlvZUiICYmIGJvZHk9IumHkeidtiIp) |
| **Number of assets affected** | 255 |
| **Description** | Kingdee-EAS is a leading enterprise management system, which helps enterprises to build an integrated platform for industry, treasury, tax and invoice files, covering human resource management, tax management, financial sharing, procurement management, inventory management, production and manufacturing, etc. There is an arbitrary file reading vulnerability in Kingdee-EAS easWebClient, and attackers can read sensitive configuration file information such as config.jar. |
| **Impact** | There is an arbitrary file reading vulnerability in Kingdee-EAS easWebClient, and attackers can read sensitive configuration file information such as config.jar. |

## seeyon M1 Server userTokenService Code Execution Vulnerability

| **Vulnerability** | **seeyon M1 Server userTokenService Code Execution Vulnerability** |
| :----: | :-----|
| **Chinese name** | 致远 M1 移动端 userTokenService 代码执行漏洞 |
| **CVSS core** | 10.0 |
| **FOFA Query** (click to view the results directly)| [title=="M1-Server 已启动"](https://en.fofa.info/result?qbase64=dGl0bGU9PSJNMS1TZXJ2ZXIg5bey5ZCv5YqoIg%3D%3D) |
| **Number of assets affected** | 7050 |
| **Description** | Seeyon M1 Server is a mobile device. Seeyon M1 Server has a userTokenService code execution vulnerability; attackers can arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
| **Impact** | Seeyon M1 Server has a userTokenService code execution vulnerability; attackers can arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |

![](https://s3.bmp.ovh/imgs/2023/07/14/d3a8bec6a5065f70.gif)

## Yonyou KSOA QueryService SQL Injection vulnerability

| **Vulnerability** | **Yonyou KSOA QueryService SQL Injection vulnerability** |
| :----: | :-----|
| **Chinese name** | 用友时空 KSOA QueryService 处 content 参数 SQL 注入漏洞 |
| **CVSS core** | 10.0 |
| **FOFA Query** (click to view the results directly)| [body="onmouseout=\"this.classname='btn btnOff'\""](https://en.fofa.info/result?qbase64=Ym9keT0ib25tb3VzZW91dD1cInRoaXMuY2xhc3NuYW1lPSdidG4gYnRuT2ZmJ1wiIg%3D%3D) |
| **Number of assets affected** | 3995 |
| **Description** | Yonyou KSOA spacetime is a new generation of products developed under the guidance of the KSOA concept. It is a unified IT infrastructure launched to meet the cutting-edge IT requirements of circulation enterprises. It lets the IT systems that circulation enterprises established in different historical periods communicate easily with each other, and helps circulation enterprises protect their existing IT investments, simplify IT management, enhance their ability to compete, and ensure that the overall strategic objectives and innovation activities of the enterprise are achieved. A SQL injection vulnerability exists in some function of Yonyou spatio-temporal KSOA, which can be used by attackers to obtain sensitive database information. |
| **Impact** | In addition to using the SQL injection vulnerability to obtain information in the database (for example, the administrator background password, personal information of site users), the attacker can even write a Trojan horse to the server under high-permission conditions to further obtain server system permissions. |

## Qi An Xin Tianqing Terminal Security Management System information disclosure vulnerability

| **Vulnerability** | **Qi An Xin Tianqing Terminal Security Management System information disclosure vulnerability** |
| :----: | :-----|
| **Chinese name** | 奇安信天擎终端安全管理系统信息泄露漏洞 |
| **CVSS core** | 5.6 |
| **FOFA Query** (click to view the results directly)| [title="新天擎"](https://en.fofa.info/result?qbase64=dGl0bGU9IuaWsOWkqeaTjiI%3D) |
| **Number of assets affected** | 574 |
| **Description** | Tianqing Terminal Security Management System is an integrated terminal security product solution for government and enterprise units. Tianqing Terminal Security Management System has an information disclosure vulnerability; an attacker can read sensitive information of the system by constructing a special URL address. |
| **Impact** | Tianqing Terminal Security Management System has an information disclosure vulnerability; an attacker can read sensitive information of the system by constructing a special URL address. |

## Tianqing terminal security management system YII_CSRF_TOKEN remote code execution vulnerability

| **Vulnerability** | **Tianqing terminal security management system YII_CSRF_TOKEN remote code execution vulnerability** |
| :----: | :-----|
| **Chinese name** | 天擎终端安全管理系统 YII_CSRF_TOKEN 远程代码执行漏洞 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [title="360新天擎" \|\| body="appid\":\"skylar6" \|\| body="/task/index/detail?id={item.id}" \|\| body="已过期或者未授权,购买请联系4008-136-360" \|\| title="360天擎" \|\| title="360天擎终端安全管理系统"](https://en.fofa.info/result?qbase64=dGl0bGU9IjM2MOaWsOWkqeaTjiIgfHwgYm9keT0iYXBwaWRcIjpcInNreWxhcjYiIHx8IGJvZHk9Ii90YXNrL2luZGV4L2RldGFpbD9pZD17aXRlbS5pZH0iIHx8IGJvZHk9IuW3sui%2Fh%2Bacn%2BaIluiAheacquaOiOadg%2B%2B8jOi0reS5sOivt%2BiBlOezuzQwMDgtMTM2LTM2MCIgfHwgdGl0bGU9IjM2MOWkqeaTjiIgfHwgdGl0bGU9IjM2MOWkqeaTjue7iOerr%2BWuieWFqOeuoeeQhuezu%2Be7nyI%3D) |
| **Number of assets affected** | 875 |
| **Description** | Qi Anxin Tianqing is a terminal security management system (referred to as "Tianqing") product of Qi Anxin Group dedicated to integrated terminal security solutions. The web part of Qi'an Xintianqing terminal security management system uses the yii framework. This version of the framework has its own deserialization entry point, and the attacker can execute arbitrary code to obtain server permissions. |
| **Impact** | The web part of Qi'an Xintianqing terminal security management system uses the yii framework. This version of the framework has its own deserialization entry point, and the attacker can execute arbitrary code to obtain server permissions. |

![](https://s3.bmp.ovh/imgs/2023/07/14/fdc6987a22268e3b.gif)

## 91skzy Enterprise process control system login File Read vulnerability

| **Vulnerability** | **91skzy Enterprise process control system login File Read vulnerability** |
| :----: | :-----|
| **Chinese name** | 时空智友企业流程化管控系统 login 文件读取漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="企业流程化管控系统" && body="密码(Password):"](https://en.fofa.info/result?qbase64=Ym9keT0i5LyB5Lia5rWB56iL5YyW566h5o6n57O757ufIiAmJiBib2R5PSLlr4bnoIEoUGFzc3dvcmQpOiI%3D) |
| **Number of assets affected** | 1467 |
| **Description** | Spatiotemporal Intelligent Friend enterprise process management and control system is a system developed in Java that provides process management and control for enterprises. The Spatiotemporal Zhiyou enterprise process control system has a login file read vulnerability; attackers can use the vulnerability to obtain sensitive information of the system. |
| **Impact** | The Spatiotemporal Zhiyou enterprise process control system has a login file read vulnerability; attackers can use the vulnerability to obtain sensitive information of the system. |

## 91skzy Enterprise process control system formservice File Upload vulnerability

| **Vulnerability** | **91skzy Enterprise process control system formservice File Upload vulnerability** |
| :----: | :-----|
| **Chinese name** | 时空智友企业流程化管控系统 formservice 文件上传漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="企业流程化管控系统" && body="密码(Password):"](https://en.fofa.info/result?qbase64=Ym9keT0i5LyB5Lia5rWB56iL5YyW566h5o6n57O757ufIiAmJiBib2R5PSLlr4bnoIEoUGFzc3dvcmQpOiI%3D) |
| **Number of assets affected** | 1467 |
| **Description** | Spatiotemporal Intelligent Friend enterprise process management and control system is a system developed in Java that provides process management and control for enterprises. The Spatiotemporal Zhiyou enterprise process control system has a formservice file upload vulnerability; attackers can use the vulnerability to obtain system permissions. |
| **Impact** | The Spatiotemporal Zhiyou enterprise process control system has a formservice file upload vulnerability; attackers can use the vulnerability to obtain system permissions. |

![](https://s3.bmp.ovh/imgs/2023/07/14/5b49872a996cbd1e.gif)

## Glodon-Linkworks GetUserByEmployeeCode employeeCode SQL Injection Vulnerability

| **Vulnerability** | **Glodon-Linkworks GetUserByEmployeeCode employeeCode SQL Injection Vulnerability** |
| :----: | :-----|
| **Chinese name** | 广联达-Linkworks 协同办公管理平台 GetUserByEmployeeCode 文件 employeeCode 参数 SQL注入漏洞 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [body="Services/Identification/login.ashx" \|\| header="Services/Identification/login.ashx" \|\| banner="Services/Identification/login.ashx"](https://en.fofa.info/result?qbase64=Ym9keT0iU2VydmljZXMvSWRlbnRpZmljYXRpb24vbG9naW4uYXNoeCIgfHwgaGVhZGVyPSJTZXJ2aWNlcy9JZGVudGlmaWNhdGlvbi9sb2dpbi5hc2h4IiB8fCBiYW5uZXI9IlNlcnZpY2VzL0lkZW50aWZpY2F0aW9uL2xvZ2luLmFzaHgi) |
| **Number of assets affected** | 27341 |
| **Description** | Glodon-Linkworks collaborative office management platform is a management system that focuses on the entire life cycle of engineering projects and provides customers with digital software and hardware products and solutions. Glodon-Linkworks collaborative office management platform GetUserByEmployeeCode has a SQL injection vulnerability, and attackers can obtain sensitive information such as usernames and passwords. |
| **Impact** | Glodon-Linkworks collaborative office management platform GetUserByEmployeeCode has a SQL injection vulnerability, and attackers can obtain sensitive information such as usernames and passwords. |

![](https://s3.bmp.ovh/imgs/2023/07/14/30159400f31ca801.gif)

## Huatian-OA8000 MyHttpServlet reportFile Arbitrary File Upload Vulnerability

| **Vulnerability** | **Huatian-OA8000 MyHttpServlet reportFile Arbitrary File Upload Vulnerability** |
| :----: | :-----|
| **Chinese name** | 华天动力-OA8000 MyHttpServlet 文件 reportFile 参数文件上传漏洞 |
| **CVSS core** | 8.6 |
| **FOFA Query** (click to view the results directly)| [body="/OAapp/WebObjects/OAapp.woa"](https://en.fofa.info/result?qbase64=Ym9keT0iL09BYXBwL1dlYk9iamVjdHMvT0FhcHAud29hIg%3D%3D) |
| **Number of assets affected** | 2226 |
| **Description** | Huatian-OA8000 is a combination of advanced management ideas, management models, software technology and network technology, providing users with a low-cost, high-efficiency collaborative office and management platform. There is an arbitrary file upload vulnerability in Huatian Power OA MyHttpServlet. Attackers can upload malicious raq files and execute arbitrary SQL statements in the raq files to obtain sensitive information such as user account passwords. |
| **Impact** | There is an arbitrary file upload vulnerability in Huatian Power OA MyHttpServlet. Attackers can upload malicious raq files and execute arbitrary SQL statements in the raq files to obtain sensitive information such as user account passwords. |

![](https://s3.bmp.ovh/imgs/2023/07/07/ee0dff7305687815.gif)

## Ruijie WEB Management System EXCU_SHELL Information Disclosure Vulnerability

| **Vulnerability** | **Ruijie WEB Management System EXCU_SHELL Information Disclosure Vulnerability** |
| :----: | :-----|
| **Chinese name** | 锐捷交换机 WEB 管理系统 EXCU_SHELL 信息泄露漏洞 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [body="img/free_login_ge.gif" && body="./img/login_bg.gif"](https://en.fofa.info/result?qbase64=Ym9keT0iaW1nL2ZyZWVfbG9naW5fZ2UuZ2lmIiAmJiBib2R5PSIuL2ltZy9sb2dpbl9iZy5naWYi) |
| **Number of assets affected** | 912 |
| **Description** | Ruijie WEB management system is a switch device widely used in government, education, finance, medical and health care, and enterprises. Ruijie WEB management system EXCU_SHELL has an information leakage vulnerability, and attackers can obtain sensitive information such as system passwords to further control the system. |
| **Impact** | Ruijie WEB management system EXCU_SHELL has an information leakage vulnerability, and attackers can obtain sensitive information such as system passwords to further control the system. |

![](https://s3.bmp.ovh/imgs/2023/07/07/7bc1e0fd82aa53eb.gif)

## Seeyou-OA wpsAssistServlet templateUrl Arbitrary File Read Vulnerability

| **Vulnerability** | **Seeyou-OA wpsAssistServlet templateUrl Arbitrary File Read Vulnerability** |
| :----: | :-----|
| **Chinese name** | 致远互联-OA wpsAssistServlet 文件 templateUrl 参数任意文件读取漏洞 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [body="/seeyon/USER-DATA/IMAGES/LOGIN/login.gif" \|\| title="用友致远A" \|\| (body="/yyoa/" && body!="本站内容均采集于") \|\| header="path=/yyoa" \|\| server=="SY8044" \|\| (body="A6-V5企业版" && body="seeyon" && body="seeyonProductId") \|\| (body="/seeyon/common/" && body="var _ctxpath = '/seeyon'") \|\| (body="A8-V5企业版" && body="/seeyon/") \|\| banner="Server: SY8044"](https://en.fofa.info/result?qbase64=Ym9keT0iL3NlZXlvbi9VU0VSLURBVEEvSU1BR0VTL0xPR0lOL2xvZ2luLmdpZiIgfHwgdGl0bGU9IueUqOWPi%2BiHtOi%2FnEEiIHx8IChib2R5PSIveXlvYS8iICYmIGJvZHkhPSLmnKznq5nlhoXlrrnlnYfph4fpm4bkuo4iKSB8fCBoZWFkZXI9InBhdGg9L3l5b2EiIHx8IHNlcnZlcj09IlNZODA0NCIgfHwgKGJvZHk9IkE2LVY15LyB5Lia54mIIiAmJiBib2R5PSJzZWV5b24iICYmIGJvZHk9InNlZXlvblByb2R1Y3RJZCIpIHx8IChib2R5PSIvc2VleW9uL2NvbW1vbi8iICYmIGJvZHk9InZhciBfY3R4cGF0aCA9ICcvc2VleW9uJyIpIHx8IChib2R5PSJBOC1WNeS8geS4mueJiCIgJiYgYm9keT0iL3NlZXlvbi8iKSB8fCBiYW5uZXI9IlNlcnZlcjogU1k4MDQ0Ig%3D%3D) |
| **Number of assets affected** | 53406 |
| **Description** | Seeyou-OA is a collaborative office software that digitally builds the digital collaborative operation platform of enterprises and provides one-stop big data analysis solutions for various business scenarios of enterprises. Seeyou-OA wpsAssistServlet has arbitrary file reading vulnerabilities, and attackers can read sensitive information such as system passwords to further control the system. |
| **Impact** | Seeyou-OA wpsAssistServlet has arbitrary file reading vulnerabilities, and attackers can read sensitive information such as system passwords to further control the system. |

![](https://s3.bmp.ovh/imgs/2023/07/14/033b7613462dfe6a.gif)

## koronsoft AIO management system UtilServlet fileName File Read vulnerability

| **Vulnerability** | **koronsoft AIO management system UtilServlet fileName File Read vulnerability** |
| :----: | :-----|
| **Chinese name** | 科荣 AIO 管理系统 UtilServlet 文件 fileName 参数文件读取漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="changeAccount('8000')"](https://en.fofa.info/result?qbase64=Ym9keT0iY2hhbmdlQWNjb3VudCgnODAwMCcpIg%3D%3D) |
| **Number of assets affected** | 1976 |
| **Description** | KoronsoftAIO management system is a very excellent enterprise management tool. The UtilServlet file reading vulnerability of koronsoftAIO management system can be used to obtain sensitive information of the system. |
| **Impact** | The UtilServlet file reading vulnerability of koronsoftAIO management system can be used to obtain sensitive information of the system. |

![](https://s3.bmp.ovh/imgs/2023/07/07/57f1d03fa857d0ea.gif)

## 91skzy Enterprise process control system wc.db Information Disclosure vulnerability

| **Vulnerability** | **91skzy Enterprise process control system wc.db Information Disclosure vulnerability** |
| :----: | :-----|
| **Chinese name** | 时空智友企业流程化管控系统 wc.db 文件信息泄露漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="企业流程化管控系统" && body="密码(Password):"](https://en.fofa.info/result?qbase64=Ym9keT0i5LyB5Lia5rWB56iL5YyW566h5o6n57O757ufIiAmJiBib2R5PSLlr4bnoIEoUGFzc3dvcmQpOiI%3D) |
| **Number of assets affected** | 1213 |
| **Description** | Spatiotemporal Intelligent Friend enterprise process management and control system is a system developed in Java that provides process management and control for enterprises. The Spatiotemporal Wisdom enterprise process control system has a wc.db information leakage vulnerability; attackers can use the vulnerability to obtain sensitive information of the system. |
| **Impact** | The Spatiotemporal Wisdom enterprise process control system has a wc.db information leakage vulnerability; attackers can use the vulnerability to obtain sensitive information of the system. |

![](https://s3.bmp.ovh/imgs/2023/07/07/894f6e466736766e.gif)

## Kingdee Cloud Starry Sky-Management Center Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc Arbitrary Code Execution Vulnerability

| **Vulnerability** | **Kingdee Cloud Starry Sky-Management Center Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc Arbitrary Code Execution Vulnerability** |
| :----: | :-----|
| **Chinese name** | 金蝶云星空 Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc 任意代码执行漏洞 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [title="金蝶云星空"](https://en.fofa.info/result?qbase64=CXRpdGxlPSLph5HonbbkupHmmJ%2Fnqboi) |
| **Number of assets affected** | 6729 |
| **Description** | Kingdee Cloud Starry Sky-Management Center is based on a leading assembleable low-code PaaS platform, which comprehensively serves customers' transformation in R&D, production, marketing, supply chain, finance and other fields. There is a deserialization vulnerability in the Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc interface of Kingdee Cloud Star-Management Center, and an attacker can execute arbitrary commands to obtain server permissions. |
| **Impact** | There is a deserialization vulnerability in the Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc interface of Kingdee Cloud Star-Management Center, and an attacker can execute arbitrary commands to obtain server permissions. |
|

![](https://s3.bmp.ovh/imgs/2023/07/01/de00b732452eea00.gif)

## Chanjet T+ DownloadProxy.aspx Path File Read Vulnerability

| **Vulnerability** | **Chanjet T+ DownloadProxy.aspx Path File Read Vulnerability** |
| :----: | :-----|
| **Chinese name** | 畅捷通T+ DownloadProxy.aspx 文件 Path 参数文件读取漏洞 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [body=">\" \|\| title=="畅捷通 T+"](https://en.fofa.info/result?qbase64=Ym9keT0iPjxzY3JpcHQ%2BbG9jYXRpb249Jy90cGx1cy8nOzwvc2NyaXB0PjwvYm9keT4iIHx8IHRpdGxlPT0i55WF5o236YCaIFQrIg%3D%3D) |
| **Number of assets affected** | 112547 |
| **Description** | Chanjet T+ is a smart, flexible and stylish enterprise management software based on the Internet era. Chanjet T+ DownloadProxy.aspx has an arbitrary file reading vulnerability, and attackers can read sensitive information such as web.config to further control server permissions. |
| **Impact** | Chanjet T+ DownloadProxy.aspx has an arbitrary file reading vulnerability, and attackers can read sensitive information such as web.config to further control server permissions. |

![](https://s3.bmp.ovh/imgs/2023/07/07/191a72363fbc96e6.gif)

## WordPress Plugin js-support-ticket File Upload Vulnerability

| **Vulnerability** | **WordPress Plugin js-support-ticket File Upload Vulnerability** |
| :----: | :-----|
| **Chinese name** | WordPress js-support-ticket 插件 saveconfiguration 功能文件上传漏洞 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/js-support-ticket"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL2pzLXN1cHBvcnQtdGlja2V0Ig%3D%3D) |
| **Number of assets affected** | 1115 |
| **Description** | JS Help Desk is a professional, simple, easy to use and complete customer support system. JS Help Desk comes packed with more features than most of the expensive (and complex) support ticket systems on the market. JS Help Desk <= 2.7.1 has an unauthenticated arbitrary file upload vulnerability. |
| **Impact** | An attacker can use the uploaded malicious script file to control the whole website or even control the server. This malicious script file, also known as a WebShell, is a kind of web backdoor. WebShell scripts have very powerful functions, such as viewing server directories and files on the server, executing system commands, etc. |

## 91skzy Enterprise process control system formservice SQL Injection vulnerability

| **Vulnerability** | **91skzy Enterprise process control system formservice SQL Injection vulnerability** |
| :----: | :-----|
| **Chinese name** | 时空智友企业流程化管控系统 formservice SQL 注入漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="企业流程化管控系统"](https://en.fofa.info/result?qbase64=Ym9keT0i5LyB5Lia5rWB56iL5YyW566h5o6n57O757ufIg%3D%3D) |
| **Number of assets affected** | 1461 |
| **Description** | Spatiotemporal Intelligent Friend enterprise process management and control system is a system that uses JAVA development to provide process management and control for enterprises. The Spatiotemporal Wisdom enterprise process management and control system has a formservice SQL injection vulnerability; attackers can use it to obtain sensitive database information. |
| **Impact** | The Spatiotemporal Wisdom enterprise process management and control system has a formservice SQL injection vulnerability; attackers can use it to obtain sensitive database information. |

## Hongfan OA zyy_AttFile.asmx File SQL Injection Vulnerability

| **Vulnerability** | **Hongfan OA zyy_AttFile.asmx File SQL Injection Vulnerability** |
| :----: | :-----|
| **Chinese name** | 红帆 OA zyy_AttFile.asmx 文件 fileName 参数 SQL 注入漏洞 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [title="iOffice.net" \|\| body="/iOffice/js" \|\| (body="iOffice.net" && header!="couchdb" && header!="drupal") \|\| body="iOfficeOcxSetup.exe" \|\| body="Hongfan. All Rights Reserved"](https://en.fofa.info/result?qbase64=dGl0bGU9ImlPZmZpY2UubmV0IiB8fCBib2R5PSIvaU9mZmljZS9qcyIgfHwgKGJvZHk9ImlPZmZpY2UubmV0IiAmJiBoZWFkZXIhPSJjb3VjaGRiIiAmJiBoZWFkZXIhPSJkcnVwYWwiKSB8fCBib2R5PSJpT2ZmaWNlT2N4U2V0dXAuZXhlIiB8fCBib2R5PSJIb25nZmFuLiBBbGwgUmlnaHRzIFJlc2VydmVkIg%3D%3D) |
| **Number of assets affected** | 261 |
| **Description** | Hongfan OA is an information management platform developed by Hongfan Technology based on the latest technology of Microsoft .NET. The Hongfan OA system provides the hospital with OA functions and completes administrative office services such as information release, process approval, document management, schedule management, work arrangement, document transfer, online communication, etc. Hongfan collaborative office system is the most professional and successful hospital OA in China. |
| **Impact** | There is a SQL injection vulnerability in Hongfan iOffice Hospital Edition, which can be used by attackers to obtain sensitive database information. |

## iOffice OA iorepsavexml.aspx Arbitrary File Upload Vulnerability

| **Vulnerability** | **iOffice OA iorepsavexml.aspx Arbitrary File Upload Vulnerability** |
| :----: | :-----|
| **Chinese name** | 红帆-ioffice iorepsavexml.aspx 任意文件上传漏洞 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [title="iOffice.net" \|\| body="/iOffice/js" \|\| (body="iOffice.net" && header!="couchdb" && header!="drupal") \|\| body="iOfficeOcxSetup.exe" \|\| body="Hongfan. All Rights Reserved"](https://en.fofa.info/result?qbase64=dGl0bGU9ImlPZmZpY2UubmV0IiB8fCBib2R5PSIvaU9mZmljZS9qcyIgfHwgKGJvZHk9ImlPZmZpY2UubmV0IiAmJiBoZWFkZXIhPSJjb3VjaGRiIiAmJiBoZWFkZXIhPSJkcnVwYWwiKSB8fCBib2R5PSJpT2ZmaWNlT2N4U2V0dXAuZXhlIiB8fCBib2R5PSJIb25nZmFuLiBBbGwgUmlnaHRzIFJlc2VydmVkIg%3D%3D) |
| **Number of assets affected** | 261 |
| **Description** | Hongfan OA provides hospitals with OA functions such as information release, process approval, document management, schedule management, work arrangement, file delivery, online communication and other administrative office services. There is an arbitrary file upload vulnerability in the Hongfan OA iorepsavexml.aspx file. Attackers can upload malicious Trojan horses to obtain server permissions. |
| **Impact** | There is an arbitrary file upload vulnerability in the Hongfan OA iorepsavexml.aspx file. Attackers can upload malicious Trojan horses to obtain server permissions. |

## WordPress plugin perfect survey admin-ajax.php question_id SQL Injection Vulnerability (CVE-2021-24762)

| **Vulnerability** | **WordPress plugin perfect survey admin-ajax.php question_id SQL Injection Vulnerability (CVE-2021-24762)** |
| :----: | :-----|
| **Chinese name** | WordPress perfect survey 插件 admin-ajax.php 文件 question_id 参数 SQL注入漏洞(CVE-2021-24762) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body="/wp-content/plugins/perfect-survey"](https://en.fofa.info/result?qbase64=Ym9keT0iL3dwLWNvbnRlbnQvcGx1Z2lucy9wZXJmZWN0LXN1cnZleSI%3D) |
| **Number of assets affected** | 628 |
| **Description** | WordPress plugin perfect survey is a plugin for surveying user feedback issues. WordPress plugin perfect survey versions before 1.5.2 have a SQL injection vulnerability, which stems from the lack of validation of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands to obtain sensitive information such as user passwords. |
| **Impact** | WordPress plugin perfect survey versions before 1.5.2 have a SQL injection vulnerability, which stems from the lack of validation of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands to obtain sensitive information such as user passwords. |

![](https://s3.bmp.ovh/imgs/2023/07/13/7a534dcb3646e5c6.gif)

## WordPress Plugin QuadMenu admin-ajax.php output File Upload Vulnerability

| **Vulnerability** | **WordPress Plugin QuadMenu admin-ajax.php output File Upload Vulnerability** |
| :----: | :-----|
| **Chinese name** | WordPress QuadMenu 插件 admin-ajax.php 文件 output 参数任意文件上传漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/quadmenu"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL3F1YWRtZW51Ig%3D%3D) |
| **Number of assets affected** | 7573 |
| **Description** | WordPress plugin perfect survey is a plugin for surveying user feedback issues. WordPress plugin perfect survey versions before 1.5.2 have a SQL injection vulnerability, which stems from the lack of validation of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands to obtain sensitive information such as user passwords. |
| **Impact** | WordPress plugin perfect survey versions before 1.5.2 have a SQL injection vulnerability, which stems from the lack of validation of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands to obtain sensitive information such as user passwords.
|

## WordPress Plugin SuperStoreFinder-wp import.php File Upload Vulnerability

| **Vulnerability** | **WordPress Plugin SuperStoreFinder-wp import.php File Upload Vulnerability** |
| :----: | :-----|
| **Chinese name** | WordPress SuperStoreFinder-wp 插件 import.php 任意文件上传漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/superstorefinder-wp"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL3N1cGVyc3RvcmVmaW5kZXItd3Ai) |
| **Number of assets affected** | 2363 |
| **Description** | WordPress Plugin SuperStoreFinder-wp is a plugin with precise geolocation built in to let customers route and reach your store outlets in the easiest way. The WordPress Plugin SuperStoreFinder-wp plugin does not properly check file uploads. An attacker can set the Content-Type header to text/csv and use double extensions to bypass the existing checks. An attacker can upload malicious files to gain server permissions. |
| **Impact** | The WordPress Plugin SuperStoreFinder-wp plugin does not properly check file uploads. An attacker can set the Content-Type header to text/csv and use double extensions to bypass the existing checks. An attacker can upload malicious files to gain server permissions. |

## WordPress Plugin WP Hotel Booking thimpress_hotel_booking_1 RCE Vulnerability (CVE-2020-29047)

| **Vulnerability** | **WordPress Plugin WP Hotel Booking thimpress_hotel_booking_1 RCE Vulnerability (CVE-2020-29047)** |
| :----: | :-----|
| **Chinese name** | WordPress 插件 WP Hotel Booking thimpress_hotel_booking_1 参数远程代码执行漏洞(CVE-2020-29047) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/wp-hotel-booking"](https://en.fofa.info/result?qbase64=CWJvZHk9IndwLWNvbnRlbnQvcGx1Z2lucy93cC1ob3RlbC1ib29raW5nIg%3D%3D) |
| **Number of assets affected** | 1940 |
| **Description** | WordPress Plugin WP Hotel Booking is a complete hotel booking plugin. WordPress Plugin WP Hotel Booking version 1.10.2 has a code execution vulnerability, and attackers can execute malicious code to control the server. |
| **Impact** | WordPress Plugin WP Hotel Booking version 1.10.2 has a code execution vulnerability, and attackers can execute malicious code to control the server. |

## EasyCVR default password

| **Vulnerability** | **EasyCVR default password** |
| :----: | :-----|
| **Chinese name** | EasyCVR智能边缘网关默认口令漏洞 |
| **CVSS core** | 8.6 |
| **FOFA Query** (click to view the results directly)| [body="EasyGBS" \|\| body="EasyDarwin.Body" \|\| body="EasyCVR"](https://en.fofa.info/result?qbase64=Ym9keT0iRWFzeUdCUyIgfHwgYm9keT0iRWFzeURhcndpbi5Cb2R5IiB8fCBib2R5PSJFYXN5Q1ZSIg%3D%3D) |
| **Number of assets affected** | 25111 |
| **Description** | EasyCVR intelligent edge gateway is a product of TSINGSEE's software and hardware integration, which can provide multi-protocol (RTSP/RTMP/GB28181/Haikang Ehome/Dahua, Haikang SDK, etc.) device video access, collection, AI intelligent detection, processing, distribution and other services. The EasyCVR video management platform has a default password vulnerability, where attackers can exploit the default credentials "easycvr/easycvr" to log in to the administration interface. |
| **Impact** | The EasyCVR video management platform has a default password vulnerability, where attackers can exploit the default credentials "easycvr/easycvr" to log in to the administration interface. |

## Apache Solr Velocity Template Injection Vulnerability (CVE-2019-17558)

| **Vulnerability** | **Apache Solr Velocity Template Injection Vulnerability (CVE-2019-17558)** |
| :----: | :-----|
| **Chinese name** | Apache Solr Velocity 模版注入漏洞(CVE-2019-17558) |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [title="Solr Admin" \|\| body="SolrCore Initialization Failures" \|\| body="app_config.solr_path" \|\| (banner="/solr/" && banner="Location" && banner!="couchdb" && banner!="drupal")](https://en.fofa.info/result?qbase64=dGl0bGU9IlNvbHIgQWRtaW4iIHx8IGJvZHk9IlNvbHJDb3JlIEluaXRpYWxpemF0aW9uIEZhaWx1cmVzIiB8fCBib2R5PSJhcHBfY29uZmlnLnNvbHJfcGF0aCIgfHwgKGJhbm5lcj0iL3NvbHIvIiAmJiBiYW5uZXI9IkxvY2F0aW9uIiAmJiBiYW5uZXIhPSJjb3VjaGRiIiAmJiBiYW5uZXIhPSJkcnVwYWwiKQ%3D%3D) |
| **Number of assets affected** | 1128540 |
| **Description** | Apache Solr is a search server based on Lucene, developed by the Apache Software Foundation. The software supports features such as faceted search, vertical search, and highlighting of search results. A vulnerability has been discovered in Apache Solr versions 5.0.0 to 8.3.1 that allows injection attacks. Attackers can exploit this vulnerability using Velocity templates to execute arbitrary code on the system. |
| **Impact** | A vulnerability has been discovered in Apache Solr versions 5.0.0 to 8.3.1 that allows injection attacks. Attackers can exploit this vulnerability using Velocity templates to execute arbitrary code on the system. |

## Hongfan-ioffice ioAssistance2.asmx File SQL Injection Vulnerability

| **Vulnerability** | **Hongfan-ioffice ioAssistance2.asmx File SQL Injection Vulnerability** |
| :----: | :-----|
| **Chinese name** | 红帆-ioffice ioAssistance2.asmx 文件 SQL 注入漏洞 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [title="iOffice.net" \|\| body="/iOffice/js" \|\| (body="iOffice.net" && header!="couchdb" && header!="drupal") \|\| body="iOfficeOcxSetup.exe" \|\| body="Hongfan. All Rights Reserved"](https://en.fofa.info/result?qbase64=dGl0bGU9IlNvbHIgQWRtaW4iIHx8IGJvZHk9IlNvbHJDb3JlIEluaXRpYWxpemF0aW9uIEZhaWx1cmVzIiB8fCBib2R5PSJhcHBfY29uZmlnLnNvbHJfcGF0aCIgfHwgKGJhbm5lcj0iL3NvbHIvIiAmJiBiYW5uZXI9IkxvY2F0aW9uIiAmJiBiYW5uZXIhPSJjb3VjaGRiIiAmJiBiYW5uZXIhPSJkcnVwYWwiKQ%3D%3D) |
| **Number of assets affected** | 261 |
| **Description** | Hongfan OA provides hospitals with OA functions such as information release, process approval, document management, schedule management, work arrangement, file delivery, online communication and other administrative office services. There is a SQL injection vulnerability in the Hongfan OA ioAssistance2.asmx file. An attacker can obtain information such as database passwords and execute commands to obtain server permissions. |
| **Impact** | There is a SQL injection vulnerability in the Hongfan OA ioAssistance2.asmx file. An attacker can obtain information such as database passwords and execute commands to obtain server permissions. |

## VNC remote desktop system default password vulnerability

| **Vulnerability** | **VNC remote desktop system default password vulnerability** |
| :----: | :-----|
| **Chinese name** | VNC 远程桌面系统默认口令漏洞 |
| **CVSS core** | 7.3 |
| **FOFA Query** (click to view the results directly)| [(protocol="vnc" \|\| body="EduSoho" \|\| (body="Powered By EduSoho" && body="var app")](https://en.fofa.info/result?qbase64=dGl0bGU9IlBvd2VyZWQgQnkgRWR1U29obyIgfHwgYm9keT0iUG93ZXJlZCBieSA8YSBocmVmPVwiaHR0cDovL3d3dy5lZHVzb2hvLmNvbS9cIiB0YXJnZXQ9XCJfYmxhbmtcIj5FZHVTb2hvIiB8fCAoYm9keT0iUG93ZXJlZCBCeSBFZHVTb2hvIiAmJiBib2R5PSJ2YXIgYXBwIik%3D) |
| **Number of assets affected** | 6957 |
| **Description** | The edusoho education and training system Avaya Aura™ Utility Server" \|\| body="/webhelp/Base/Utility_toc.htm" \|\| (body="Avaya Aura® Utility Services" && body="Avaya Inc. All Rights Reserved")) && body!="Server: couchdb")](https://en.fofa.info/result?qbase64=KChib2R5PSJ2bXNUaXRsZVwiPkF2YXlhIEF1cmEmIzg0ODI7Jm5ic3A7VXRpbGl0eSBTZXJ2ZXIiIHx8IGJvZHk9Ii93ZWJoZWxwL0Jhc2UvVXRpbGl0eV90b2MuaHRtIiB8fCAoYm9keT0iQXZheWEgQXVyYSZyZWc7Jm5ic3A7VXRpbGl0eSBTZXJ2aWNlcyIgJiYgYm9keT0iQXZheWEgSW5jLiBBbGwgUmlnaHRzIFJlc2VydmVkIikpICYmIGJvZHkhPSJTZXJ2ZXI6IGNvdWNoZGIiKQ%3D%3D) |
| **Number of assets affected** | 565 |
| **Description** | Avaya Aura Device Services is an application software of Avaya Corporation in the United States. It provides a function to manage Avaya endpoints. Avaya Aura Device Services versions 7.0 to 8.1.4.0 have security vulnerabilities. Attackers can bypass authentication and upload arbitrary files to obtain server permissions. |
| **Impact** | Avaya Aura Device Services versions 7.0 to 8.1.4.0 have security vulnerabilities. Attackers can bypass authentication and upload arbitrary files to obtain server permissions.
|

![](https://s3.bmp.ovh/imgs/2023/06/21/06ca1ac2bfc684e0.gif)

## Weaver OA PluginViewServlet Authentication Bypass Vulnerability

| **Vulnerability** | **Weaver OA PluginViewServlet Authentication Bypass Vulnerability** |
| :----: | :-----|
| **Chinese name** | 泛微OA办公系统 PluginViewServlet 认证绕过漏洞 |
| **CVSS core** | 8.0 |
| **FOFA Query** (click to view the results directly)| [(header="testBanCookie" \|\| banner="testBanCookie" \|\| body="/wui/common/css/w7OVFont.css" \|\| (body="typeof poppedWindow" && body="client/jquery.client_wev8.js") \|\| body="/theme/ecology8/jquery/js/zDialog_wev8.js" \|\| body="ecology8/lang/weaver_lang_7_wev8.js")](https://en.fofa.info/result?qbase64=KGhlYWRlcj0idGVzdEJhbkNvb2tpZSIgfHwgYmFubmVyPSJ0ZXN0QmFuQ29va2llIiB8fCBib2R5PSIvd3VpL2NvbW1vbi9jc3MvdzdPVkZvbnQuY3NzIiB8fCAoYm9keT0idHlwZW9mIHBvcHBlZFdpbmRvdyIgJiYgYm9keT0iY2xpZW50L2pxdWVyeS5jbGllbnRfd2V2OC5qcyIpIHx8IGJvZHk9Ii90aGVtZS9lY29sb2d5OC9qcXVlcnkvanMvekRpYWxvZ193ZXY4LmpzIiB8fCBib2R5PSJlY29sb2d5OC9sYW5nL3dlYXZlcl9sYW5nXzdfd2V2OC5qcyIp) |
| **Number of assets affected** | 45034 |
| **Description** | Weaver OA is a professional and powerful multi-functional office management software that supports mobile approval, attendance, query, sharing and other functions, effectively improving the user's office efficiency. There is an authentication bypass vulnerability in Panwei OA weaver.mobile.plugin.ecology.service.PluginViewServlet, and attackers can log in arbitrarily to obtain administrator privileges. |
| **Impact** | There is an authentication bypass vulnerability in Panwei OA weaver.mobile.plugin.ecology.service.PluginViewServlet, and attackers can log in arbitrarily to obtain administrator privileges. |

![](https://s3.bmp.ovh/imgs/2023/06/21/38cfb28426294995.gif)

## Netgod SecGate 3600 Firewall sys_export_conf_local_save File Read Vulnerability

| **Vulnerability** | **Netgod SecGate 3600 Firewall sys_export_conf_local_save File Read Vulnerability** |
| :----: | :-----|
| **Chinese name** | 网神SecGate 3600防火墙 sys_export_conf_local_save 文件读取漏洞 |
| **CVSS core** | 8.0 |
| **FOFA Query** (click to view the results directly)| [title="网神SecGate 3600防火墙"](https://en.fofa.info/result?qbase64=dGl0bGU9Iue9keelnlNlY0dhdGUgMzYwMOmYsueBq%2BWimSI%3D) |
| **Number of assets affected** | 738 |
| **Description** | Netgod SecGate 3600 firewall is a composite hardware firewall based on status detection packet filtering and application level agents. It is a new generation of professional firewall equipment specially developed for large and medium-sized enterprises, governments, military, universities and other users. It supports external attack prevention, internal network security, network access control, network traffic monitoring and bandwidth management, dynamic routing, web content filtering, email content filtering, IP conflict detection and other functions, and can effectively ensure the security of the network. The product provides flexible network routing/bridging capabilities and supports policy routing and multi-outlet link aggregation. It provides a variety of intelligent analysis and management methods, supports email alarm and log audit, provides comprehensive network management monitoring, and assists network administrators in completing network security management. There is a file reading vulnerability in the Netgod SecGate 3600 firewall, which allows attackers to obtain sensitive information from the server. |
| **Impact** | There is a file reading vulnerability in the Netgod SecGate 3600 firewall, which allows attackers to obtain sensitive information from the server. |

![](https://s3.bmp.ovh/imgs/2023/06/21/cffc80cace17c408.gif)

## PandoraFMS upload_head_image.php Arbitrary File Upload Vulnerability

| **Vulnerability** | **PandoraFMS upload_head_image.php Arbitrary File Upload Vulnerability** |
| :----: | :-----|
| **Chinese name** | PandoraFMS 软件 upload_head_image.php 任意文件上传漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="pandora_console/"](https://en.fofa.info/result?qbase64=Ym9keT0icGFuZG9yYV9jb25zb2xlLyI%3D) |
| **Number of assets affected** | 768 |
| **Description** | PandoraFMS is an application software of American PandoraFMS. It provides a monitoring function. There is an unauthorized file upload vulnerability in PandoraFMS upload_head_image.php. Attackers can upload malicious Trojan horses to obtain server permissions. |
| **Impact** | There is an unauthorized file upload vulnerability in PandoraFMS upload_head_image.php. Attackers can upload malicious Trojan horses to obtain server permissions. |

![](https://s3.bmp.ovh/imgs/2023/06/21/c89f35d6d3a29740.gif)

## WordPress plugins User Post Gallery upg_datatable RCE Vulnerability (CVE-2022-4060)

| **Vulnerability** | **WordPress plugins User Post Gallery upg_datatable RCE Vulnerability (CVE-2022-4060)** |
| :----: | :-----|
| **Chinese name** | WordPress User Post Gallery 插件 upg_datatable 远程代码执行漏洞(CVE-2022-4060) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/wp-upg"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL3dwLXVwZyI%3D) |
| **Number of assets affected** | 383 |
| **Description** | WordPress plugins User Post Gallery is a plugin that allows users to select albums, generate tags, upload pictures and videos from the front end. There is a code injection vulnerability in WordPress plugin User Post Gallery 2.19 and earlier versions. The vulnerability stems from the fact that the callback function allows any user to call it. Attackers can use this vulnerability to run code on the site. |
| **Impact** | There is a code injection vulnerability in WordPress plugin User Post Gallery 2.19 and earlier versions. The vulnerability stems from the fact that the callback function allows any user to call it. Attackers can use this vulnerability to run code on the site.
|

![](https://s3.bmp.ovh/imgs/2023/06/21/f82bbe1d63c40785.gif)

## WordPress plugins User Verification Authentication Bypass Vulnerability (CVE-2022-4693)

| **Vulnerability** | **WordPress plugins User Verification Authentication Bypass Vulnerability (CVE-2022-4693)** |
| :----: | :-----|
| **Chinese name** | WordPress User Verification 插件 user_verification_send_otp 页面认证绕过漏洞(CVE-2022-4693) |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/user-verification"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL3VzZXItdmVyaWZpY2F0aW9uIg%3D%3D) |
| **Number of assets affected** | 707 |
| **Description** | WordPress plugins User Verification is a plugin to protect your website from spam users and block instant access by using spam email addresses. There is an authorization problem vulnerability in WordPress plugins User Verification before version 1.0.94. The vulnerability stems from the fact that login verification can be bypassed. |
| **Impact** | There is an authorization problem vulnerability in WordPress plugins User Verification before version 1.0.94. The vulnerability stems from the fact that login verification can be bypassed. |

![](https://s3.bmp.ovh/imgs/2023/06/21/5e1c0207e077f467.gif)

## WordPress plugin Wholesale Market ced_cwsm_csv_import_export_module_download_error_log File Read Vulnerability (CVE-2022-4298)

| **Vulnerability** | **WordPress plugin Wholesale Market ced_cwsm_csv_import_export_module_download_error_log File Read Vulnerability (CVE-2022-4298)** |
| :----: | :-----|
| **Chinese name** | WordPress Wholesale Market 插件 ced_cwsm_csv_import_export_module_download_error_log 任意文件读取漏洞(CVE-2022-4298) |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/wholesale-market"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL3dob2xlc2FsZS1tYXJrZXQi) |
| **Number of assets affected** | 120 |
| **Description** | The WordPress plugin Wholesale Market is a woocommerce extension plugin that enables your store to create wholesale users and set wholesale prices for products by. WordPress plugin Wholesale Market versions prior to 2.2.1 have a path traversal vulnerability, which is caused by not performing authorization checks and not validating user input. Attackers can exploit this vulnerability to download arbitrary files from the server. |
| **Impact** | WordPress plugin Wholesale Market versions prior to 2.2.1 have a path traversal vulnerability, which is caused by not performing authorization checks and not validating user input. Attackers can exploit this vulnerability to download arbitrary files from the server.
|

![](https://s3.bmp.ovh/imgs/2023/06/21/f9ab68386ba634ba.gif)

## yongyou GRP-U8 U8AppProxy Arbitrary file upload vulnerability

| **Vulnerability** | **yongyou GRP-U8 U8AppProxy Arbitrary file upload vulnerability** |
| :----: | :-----|
| **Chinese name** | 用友GRP-U8 软件 U8AppProxy 任意文件上传漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="window.location.replace(\"login.jsp?up=1\")" \|\| body="GRP-U8"](https://en.fofa.info/result?qbase64=Ym9keT0id2luZG93LmxvY2F0aW9uLnJlcGxhY2UoXCJsb2dpbi5qc3A%2FdXA9MVwiKSIgfHwgYm9keT0iR1JQLVU4Ig%3D%3D) |
| **Number of assets affected** | 1308 |
| **Description** | Yonyou GRP-U8 management software is a new generation of products launched by UFIDA focusing on national e-government affairs and based on cloud computing technology. It is the most professional government financial management software in the field of administrative affairs and finance in my country. UFIDA GRP-U8 management software U8AppProxy has an arbitrary file upload vulnerability; an attacker can upload a webshell to obtain server permissions. |
| **Impact** | UFIDA GRP-U8 management software U8AppProxy has an arbitrary file upload vulnerability; an attacker can upload a webshell to obtain server permissions. |

![](https://s3.bmp.ovh/imgs/2023/06/08/5cccc970d4c3d964.gif)

## WordPress Plugin Events Made Easy SQL Injection Vulnerability(CVE-2022-10271)

| **Vulnerability** | **WordPress Plugin Events Made Easy SQL Injection Vulnerability(CVE-2022-10271)** |
| :----: | :-----|
| **Chinese name** | WebLogic CoordinatorPortType 远程代码执行漏洞(CVE-2017-10271) |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [(body="Welcome to WebLogic Server") \|\| (title=="Error 404--Not Found") \|\| (((body="\ BEA WebLogic Server" \|\| server="Weblogic" \|\| body="content=\"WebLogic Server" \|\| body="\ Welcome to Weblogic Application" \|\| body="\ BEA WebLogic Server") && header!="couchdb" && header!="boa" && header!="RouterOS" && header!="X-Generator: Drupal") \|\| (banner="Weblogic" && banner!="couchdb" && banner!="drupal" && banner!=" Apache,Tomcat,Jboss" && banner!="ReeCam IP Camera" && banner!="\ Blog Comments\ ")) \|\| (port="7001" && protocol=="weblogic")](https://en.fofa.info/result?qbase64=KGJvZHk9IldlbGNvbWUgdG8gV2ViTG9naWMgU2VydmVyIikgfHwgKHRpdGxlPT0iRXJyb3IgNDA0LS1Ob3QgRm91bmQiKSB8fCAoKChib2R5PSI8aDE%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%2BQmxvZyBDb21tZW50czwvaDI%2BIikpIHx8IChwb3J0PSI3MDAxIiAmJiBwcm90b2NvbD09IndlYmxvZ2ljIik%3D) |
| **Number of assets affected** | 127705 |
| **Description** | WebLogic Server is one of the application server components suitable for both cloud and traditional environments. Due to the default activation of the WLS WebService component during the deployment process, WebLogic utilizes XMLDecoder to parse serialized data. Attackers can exploit this by constructing malicious XML files to achieve remote command execution, potentially allowing them to execute arbitrary code on the server and gain control over the entire web server. |
| **Impact** | Since WebLogic enables the WLS WebService component by default during the deployment process, this component uses XMLDecoder to parse the serialized data. An attacker can implement remote command execution by constructing a malicious XML file, which may allow the attacker to execute arbitrary code on the server side and then control the entire web server. |

## WordPress Plugin Events Made Easy SQL Injection Vulnerability(CVE-2022-1905)

| **Vulnerability** | **WordPress Plugin Events Made Easy SQL Injection Vulnerability(CVE-2022-1905)** |
| :----: | :-----|
| **Chinese name** | WordPress Events Made Easy 插件 admin-ajax.php 文件 lang 参数SQL注入漏洞(CVE-2022-1905) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/events-made-easy"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL2V2ZW50cy1tYWRlLWVhc3ki) |
| **Number of assets affected** | 4021 |
| **Description** | Events Made Easy is a full-featured event and membership management solution for WordPress. Events Made Easy 2.2.81 has an unauthorized SQL injection vulnerability. |
| **Impact** | In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker with high privileges can even write a Trojan horse to the server to further obtain server system permissions. |

## Bifrost X-Requested-With Authentication Bypass Vulnerability (CVE-2022-39267)

| **Vulnerability** | **Bifrost X-Requested-With Authentication Bypass Vulnerability (CVE-2022-39267)** |
| :----: | :-----|
| **Chinese name** | Bifrost 中间件 X-Requested-With 系统身份认证绕过漏洞(CVE-2022-39267) |
| **CVSS core** | 8.8 |
| **FOFA Query** (click to view the results directly)| [body="/dologin" && body="Bifrost"](https://en.fofa.info/result?qbase64=Ym9keT0iL2RvbG9naW4iICYmIGJvZHk9IkJpZnJvc3Qi) |
| **Number of assets affected** | 14 |
| **Description** | Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds. |
| **Impact** | Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB and Kafka to Redis, MongoDB, ClickHouse and other services for production environments. An attacker can bypass identity authentication by deleting request headers and obtain passwords for various database accounts configured in the environment.
| ![](https://s3.bmp.ovh/imgs/2023/06/09/5d975955f9fd76d9.gif) ## MDT KNX manager panel default credentials vulnerability | **Vulnerability** | **MDT KNX manager panel default credentials vulnerability** | | :----: | :-----| | **Chinese name** | MDT KNX 管理面板默认口令 | | **CVSS core** | 7.5 | | **FOFA Query** (click to view the results directly)| [title="MDT Technologies GmbH" && server="DEFAULT IP PLATFORM"](https://en.fofa.info/result?qbase64=dGl0bGU9Ik1EVCBUZWNobm9sb2dpZXMgR21iSCIgJiYgc2VydmVyPSJERUZBVUxUIElQIFBMQVRGT1JNIg%3D%3D) | | **Number of assets affected** | 1135 | | **Description** | MDT Technologies is an intelligent building automation service provider based on KNX technology for product manufacturing. Its KNX-IP Interface/ Knx-ip Object Server panel is used to access every bus device in the KNX bus system. These panels have default passwords and malicious attackers can take over the target panel system. Default passwords exist on the KNX-IP Interface and KNX-IP Object Server management panel of MDT Technologies. Malicious attackers can use these passwords to take over the target web system. | | **Impact** | Default passwords exist on the KNX-IP Interface and KNX-IP Object Server management panel of MDT Technologies. Malicious attackers can use these passwords to take over the target web system. 
| ![](https://s3.bmp.ovh/imgs/2023/06/09/c82a201acb398b4b.gif) ## WordPress Plugin LearnPress archive-course File Inclusion Vulnerability (CVE-2022-47615) | **Vulnerability** | **WordPress Plugin LearnPress archive-course File Inclusion Vulnerability (CVE-2022-47615)** | | :----: | :-----| | **Chinese name** | WordPress Plugin LearnPress archive-course 文件包含漏洞(CVE-2022-47615) | | **CVSS core** | 9.0 | | **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/learnpress"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL2xlYXJucHJlc3Mi) | | **Number of assets affected** | 48623 | | **Description** | LearnPress is a comprehensive WordPress LMS Plugin for WordPress. This is one of the best WordPress LMS Plugins which can be used to easily create & sell courses online.

WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to Local File Inclusion. | | **Impact** | Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website. | ## maxView Storage Manager dynamiccontent.properties.xhtml RCE | **Vulnerability** | **maxView Storage Manager dynamiccontent.properties.xhtml RCE** | | :----: | :-----| | **Chinese name** | maxView Storage Manager 系统 dynamiccontent.properties.xhtml 远程代码执行漏洞 | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [title=="maxView Storage Manager - Login"](https://en.fofa.info/result?qbase64=dGl0bGU9PSJtYXhWaWV3IFN0b3JhZ2UgTWFuYWdlciAtIExvZ2luIg%3D%3D) | | **Number of assets affected** | 1465 | | **Description** | maxView Storage Manager is a management system for enterprise storage and communication solutions.

There is a code execution vulnerability in maxView Storage Manager, an attacker can execute arbitrary code through dynamiccontent.properties.xhtml to gain server privileges. | | **Impact** | There is a code execution vulnerability in maxView Storage Manager, an attacker can execute arbitrary code through dynamiccontent.properties.xhtml to gain server privileges. | ![](https://s3.bmp.ovh/imgs/2023/06/09/b3b919992e1c09f1.gif) ## SXETUX dynamiccontent.properties.xhtml RCE | **Vulnerability** | **XETUX dynamiccontent.properties.xhtml RCE** | | :----: | :-----| | **Chinese name** | XETUX 软件 dynamiccontent.properties.xhtml 远程代码执行漏洞 | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [title="@XETUX" && title="XPOS" && body = "BackEnd"](https://en.fofa.info/result?qbase64=dGl0bGU9IkBYRVRVWCIgJiYgdGl0bGU9IlhQT1MiICYmIGJvZHkgPSAiQmFja0VuZCI%3D) | | **Number of assets affected** | 2002 | | **Description** | XETUX is a comprehensive solution comprising a set of safe, powerful and monitorable software programs, designed and developed for automatic control of restaurants and retail. There is a code execution vulnerability in XETUX, an attacker can execute arbitrary code through dynamiccontent.properties.xhtml to gain server privileges. | | **Impact** | There is a code execution vulnerability in XETUX, an attacker can execute arbitrary code through dynamiccontent.properties.xhtml to gain server privileges. 
| ## Some Hikvision iVMS file upload vulnerabilities | **Vulnerability** | **Some Hikvision iVMS file upload vulnerabilities** | | :----: | :-----| | **Chinese name** | 海康威视部分iVMS系统存在文件上传漏洞 | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [(body="class=\"enname\">iVMS-4200" && body="laRemPassword") \|\| (body="home/locationIndex.action?time=" && body="result.data.indexUrl;") \|\| (body="//caoshiyan modify 2015-06-30 中转页面" && body="/home/locationIndex.action?time=" \|\| body="home/licenseUpload.action") \|\| (body="class=\"out\">\" \|\| body="login?service=" \|\| body="/eop/common/css/reset.css" \|\| header="/cms/web/gateway/"\|\| body="/cms/web/gateway/" \|\| header="/login?service=" \|\| title="iVMS") && header="Server: If you want know, you can ask me" && header!="404 Not Found") \|\| (body="var uuid = \"2b73083e-9b29-4005-a123-1d4ec47a36d5\"; // 用于检测VMS是否超时, chenliangyf1") \|\| (body="/cas/login" && body="js/login/login.service.js") \|\| (body="daysOflicenseDatedWarn" && body="/cas/login") \|\| (body="/ivms-ui/default/css/login.css") \|\| (server="Apache-Coyote/1.1" && body="/baseui/js/plugins/ui/jquery.placeholder.js") \|\| (body="/cas/static/js/jquery.placeholder.js") \|\| (body="IVMS.files/logo.gif") \|\| (body="license!getExpireDateOfDays.action" && body=" window.document.location = '/license!getExpireDateOfDays.action';") \|\| (body="iVMS-A100" && title="登录") \|\| (body="/error/browser.do" && body="/portal" && body="settings.skinStyle" && (body="src=\"/portal/common/js/commonVar.js" \|\| 
body="nginxService/v1/download/InstallRootCert.exe"))](https://en.fofa.info/result?qbase64=KGJvZHk9ImNsYXNzPVwiZW5uYW1lXCI%2BaVZNUy00MjAwIiAmJiBib2R5PSJsYVJlbVBhc3N3b3JkIikgfHwgKGJvZHk9ImhvbWUvbG9jYXRpb25JbmRleC5hY3Rpb24%2FdGltZT0iICYmIGJvZHk9InJlc3VsdC5kYXRhLmluZGV4VXJsOyIpIHx8IChib2R5PSIvL2Nhb3NoaXlhbiBtb2RpZnkgMjAxNS0wNi0zMCDkuK3ovazpobXpnaIiICYmIGJvZHk9Ii9ob21lL2xvY2F0aW9uSW5kZXguYWN0aW9uP3RpbWU9IiB8fCBib2R5PSJob21lL2xpY2Vuc2VVcGxvYWQuYWN0aW9uIikgfHwgKGJvZHk9ImNsYXNzPVwib3V0XCI%2BPGEgaHJlZj1cImRvd25sb2FkL2lWTVMtIikgfHwgKChib2R5PSJ0YWItYm9yZGVyIGNvZGUtaWl2bXNcIj4iIHx8IGJvZHk9ImxvZ2luP3NlcnZpY2U9IiB8fCBib2R5PSIvZW9wL2NvbW1vbi9jc3MvcmVzZXQuY3NzIiB8fCBoZWFkZXI9Ii9jbXMvd2ViL2dhdGV3YXkvInx8IGJvZHk9Ii9jbXMvd2ViL2dhdGV3YXkvIiB8fCBoZWFkZXI9Ii9sb2dpbj9zZXJ2aWNlPSIgfHwgdGl0bGU9ImlWTVMiKSAmJiBoZWFkZXI9IlNlcnZlcjogSWYgeW91IHdhbnQga25vdywgeW91IGNhbiBhc2sgbWUiICYmIGhlYWRlciE9IjQwNCBOb3QgRm91bmQiKSB8fCAoYm9keT0idmFyIHV1aWQgPSBcIjJiNzMwODNlLTliMjktNDAwNS1hMTIzLTFkNGVjNDdhMzZkNVwiOyAvLyDnlKjkuo7mo4DmtYtWTVPmmK%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%2BW9lSIpIHx8IChib2R5PSIvZXJyb3IvYnJvd3Nlci5kbyIgJiYgYm9keT0iL3BvcnRhbCIgJiYgYm9keT0ic2V0dGluZ3Muc2tpblN0eWxlIiAmJiAoYm9keT0ic3JjPVwiL3BvcnRhbC9jb21tb24vanMvY29tbW9uVmFyLmpzIiB8fCBib2R5PSJuZ2lueFNlcnZpY2UvdjEvZG93bmxvYWQvSW5zdGFsbFJvb3RDZXJ0LmV4ZSIpKQ%3D%3D) | | **Number of assets affected** | 15294 | | **Description** | Hikvision-iVMS comprehensive security management platform is an \"integrated\", \"digital\" and \"intelligent\" platform, including video, alarm, access control, visitor, elevator control, inspection, attendance, consumption, parking lot, Video intercom and other subsystems. The attacker constructs a token arbitrarily by obtaining the key, and requests an interface to upload files arbitrarily, resulting in obtaining the webshell permission of the server and executing malicious code remotely. 
| **Impact** | The Hikvision-iVMS comprehensive security management platform is an "integrated", "digital" and "intelligent" platform that includes video, alarm, access control, visitor, elevator control, inspection, attendance, consumption, parking lot, video intercom and other subsystems. By obtaining the key, an attacker can construct arbitrary tokens and call an interface to upload arbitrary files, obtaining webshell access to the server and executing malicious code remotely. |

![](https://s3.bmp.ovh/imgs/2023/06/02/48cbd695f8499d33.gif)

## WordPress Plugin IWS SQL Injection Vulnerability (CVE-2022-4117)

| **Vulnerability** | **WordPress Plugin IWS SQL Injection Vulnerability (CVE-2022-4117)** |
| :----: | :-----|
| **Chinese name** | WordPress Plugin IWS SQL注入漏洞(CVE-2022-4117) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/iws-geo-form-fields"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL2l3cy1nZW8tZm9ybS1maWVsZHMi) |
| **Number of assets affected** | 2186 |
| **Description** | iws-geo-form-fields is an easy-to-use WordPress plugin that uses Ajax to dynamically populate select fields in a form; it can add Country - State - City select fields to a WordPress website. It has an unauthorized SQL injection vulnerability. |
| **Impact** | Besides using the SQL injection to read information from the database (for example, the administrator's back-end password or site users' personal information), an attacker with high database privileges can write a Trojan horse to the server and go on to obtain server system permissions. |

![](https://s3.bmp.ovh/imgs/2023/06/01/a686613b77d15f5c.gif)

## Netgod SecGate 3600 Firewall File Upload Vulnerability

| **Vulnerability** | **Netgod SecGate 3600 Firewall File Upload Vulnerability** |
| :----: | :-----|
| **Chinese name** | 网神SecGate 3600防火墙 文件上传漏洞 |
| **CVSS core** | 10.0 |
| **FOFA Query** (click to view the results directly)| [title="网神SecGate 3600防火墙"](https://en.fofa.info/result?qbase64=dGl0bGU9Iue9keelnlNlY0dhdGUgMzYwMOmYsueBq%2BWimSI%3D) |
| **Number of assets affected** | 747 |
| **Description** | The Netgod SecGate 3600 firewall is a composite hardware firewall based on stateful inspection packet filtering and application-level proxies. It is a new generation of professional firewall equipment developed for large and medium-sized enterprises, governments, military, universities and other users. It supports external attack prevention, internal network security, network access control, network traffic monitoring and bandwidth management, dynamic routing, web content filtering, email content filtering, IP conflict detection and other functions, and can effectively ensure the security of the network. The product provides flexible network routing/bridging capabilities and supports policy routing and multi-outlet link aggregation. It provides a variety of intelligent analysis and management methods, supports email alarms and log auditing, provides comprehensive network management monitoring, and assists network administrators in completing network security management. The SecGate 3600 firewall has a file upload vulnerability that allows attackers to gain server control permissions. |
| **Impact** | The SecGate 3600 firewall has a file upload vulnerability that allows attackers to gain server control permissions. |
![](https://s3.bmp.ovh/imgs/2023/06/01/25197f6a68da33df.gif)

## Hangzhou New Zhongda NetcallServer management console default password

| **Vulnerability** | **Hangzhou New Zhongda NetcallServer management console default password** |
| :----: | :-----|
| **Chinese name** | 杭州新中大 NetcallServer 管理控制台默认口令 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [title=="netcallServer 管理控制台"](https://en.fofa.info/result?qbase64=dGl0bGU9PSJuZXRjYWxsU2VydmVyIOeuoeeQhuaOp%2BWItuWPsCI%3D) |
| **Number of assets affected** | 567 |
| **Description** | The Hangzhou New Zhongda NetcallServer management console belongs to the instant messaging software of Hangzhou New Zhongda Technology Co., LTD. The NetcallServer management console has a default password, which attackers can exploit to obtain sensitive information. |
| **Impact** | An attacker can control the whole platform through the default password and operate the core functions with administrator rights, causing sensitive information to leak. |

![](https://s3.bmp.ovh/imgs/2023/06/01/334aa827a0cbf890.gif)

## D-Link DCS-960L HNAP LoginPassword Authentication Bypass Vulnerability

| **Vulnerability** | **D-Link DCS-960L HNAP LoginPassword Authentication Bypass Vulnerability** |
| :----: | :-----|
| **Chinese name** | D-Link DCS-960L HNAP LoginPassword 认证绕过漏洞 |
| **CVSS core** | 8.8 |
| **FOFA Query** (click to view the results directly)| [header="DCS-960L" \|\| banner="DCS-960L"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJEQ1MtOTYwTCIgfHwgYmFubmVyPSJEQ1MtOTYwTCI%3D) |
| **Number of assets affected** | 16014 |
| **Description** | D-Link DCS-960L is a network camera product of D-Link, a company from Taiwan, China. When the D-Link DCS-960L processes an HNAP login request, the LoginPassword parameter is handled incorrectly, so an attacker can construct a special login request to bypass login verification. |
| **Impact** | When the D-Link DCS-960L processes an HNAP login request, the LoginPassword parameter is handled incorrectly, so an attacker can construct a special login request to bypass login verification. |

![](https://s3.bmp.ovh/imgs/2023/06/02/78c7b86ddb23a225.gif)

## Array Networks AG/vxAG RCE (CVE-2022-42897)

| **Vulnerability** | **Array Networks AG/vxAG RCE (CVE-2022-42897)** |
| :----: | :-----|
| **Chinese name** | Array Networks AG/vxAG 远程代码执行漏洞(CVE-2022-42897) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [banner="/prx/000/http" \|\| header="/prx/000/http" \|\| body="an_util.js"](https://en.fofa.info/result?qbase64=YmFubmVyPSIvcHJ4LzAwMC9odHRwIiB8fCBoZWFkZXI9Ii9wcngvMDAwL2h0dHAiIHx8IGJvZHk9ImFuX3V0aWwuanMi) |
| **Number of assets affected** | 10117 |
| **Description** | Array Networks AG/vxAG is an SSL-VPN gateway product of Array Networks in the United States. Array Networks AG/vxAG with ArrayOS AG prior to 9.4.0.469 has a security vulnerability that allows an unauthenticated attacker to achieve command injection, resulting in privilege escalation and control over the system. |
| **Impact** | Array Networks AG/vxAG with ArrayOS AG prior to 9.4.0.469 has a security vulnerability that allows an unauthenticated attacker to achieve command injection, resulting in privilege escalation and control over the system. |

![](https://s3.bmp.ovh/imgs/2023/06/02/15f9b0a6d6522815.gif)

## ASUS RT-AX56U Sensitive Information Disclosure Vulnerability

| **Vulnerability** | **ASUS RT-AX56U Sensitive Information Disclosure Vulnerability** |
| :----: | :-----|
| **Chinese name** | ASUS RT-AX56U 敏感信息泄漏漏洞 |
| **CVSS core** | 5.0 |
| **FOFA Query** (click to view the results directly)| [banner="ASUS RT-AX56U" \|\| (body="RT-AX56U" && title=="ASUS Login")](https://fofa.info/result?qbase64=YmFubmVyPSJBU1VTIFJULUFYNTZVIiB8fCAoYm9keT0iUlQtQVg1NlUiICYmIHRpdGxlPT0iQVNVUyBMb2dpbiIp) |
| **Number of assets affected** | 291164 |
| **Description** | The ASUS RT-AX56U is a WiFi6 dual band 1800M E-sports router that supports the WiFi6 (802.11ax) standard and 80MHz bandwidth to provide better network performance and efficiency. Its AiProtection commercial-level security protection function, supported by Trend Micro™, provides network security protection for all connected intelligent devices. After a crafted request is sent to the vulnerable device, the passwd or shadow file on the system can be read, disclosing the administrator user's password information. |
| **Impact** | After a crafted request is sent to the vulnerable device, the passwd or shadow file on the system can be read, disclosing the administrator user's password information. |

![](https://s3.bmp.ovh/imgs/2023/06/02/ef698a4fd96bc55f.gif)

## kkFileView onlinePreview Arbitrary File Read

| **Vulnerability** | **kkFileView onlinePreview Arbitrary File Read** |
| :----: | :-----|
| **Chinese name** | kkFileView onlinePreview 任意文件读取漏洞 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [body="/onlinePreview?url"](https://en.fofa.info/result?qbase64=Ym9keT0iL29ubGluZVByZXZpZXc%2FdXJsIg%3D%3D) |
| **Number of assets affected** | 2360 |
| **Description** | Keking kkFileView is a Spring Boot project from Keking Technology Co., Ltd. in China for previewing file documents online. Keking kkFileView has a directory traversal vulnerability that allows arbitrary files to be read, which may lead to the leakage of sensitive files on related hosts. |
| **Impact** | Keking kkFileView has a directory traversal vulnerability that allows arbitrary files to be read, which may lead to the leakage of sensitive files on related hosts. |

## Ruijie NBR Router webgl.data information

| **Vulnerability** | **Ruijie NBR Router webgl.data information** |
| :----: | :-----|
| **Chinese name** | 锐捷网络 NBR路由器 webgl.data 信息泄露漏洞 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [(body="Ruijie - NBR" \|\| (body="support.ruijie.com.cn" && body="\<p>系统负荷过高,导致网络拥塞,建议降低系统负荷或重启路由器") \|\| body="class=\"line resource\" id=\"nbr_1\"" \|\| title="锐捷网络 --NBR路由器--登录界面" \|\| title=="锐捷网络") && body!="Server: couchdb"](https://en.fofa.info/result?qbase64=KGJvZHk9IlJ1aWppZSAtIE5CUiIgfHwgKGJvZHk9InN1cHBvcnQucnVpamllLmNvbS5jbiIgJiYgYm9keT0iPHA%2B57O757uf6LSf6I236L%2BH6auY77yM5a%2B86Ie0572R57uc5oul5aGe77yM5bu66K6u6ZmN5L2O57O757uf6LSf6I235oiW6YeN5ZCv6Lev55Sx5ZmoIikgfHwgYm9keT0iY2xhc3M9XCJsaW5lIHJlc291cmNlXCIgaWQ9XCJuYnJfMVwiIiB8fCB0aXRsZT0i6ZSQ5o23572R57ucIC0tTkJS6Lev55Sx5ZmoLS3nmbvlvZXnlYzpnaIiIHx8IHRpdGxlPT0i6ZSQ5o23572R57ucIikgJiYgYm9keSE9IlNlcnZlcjogY291Y2hkYiI%3D) |
| **Number of assets affected** | 204290 |
| **Description** | The Ruijie Network NBR700G router is a wireless routing device from Ruijie Network Co., LTD. The NBR700G router has an information disclosure vulnerability, which attackers can use to obtain sensitive information. |
| **Impact** | Attackers can use this vulnerability to obtain the account and password of the Ruijie Network NBR700G router, resulting in sensitive information leakage. |

![](https://s3.bmp.ovh/imgs/2023/05/26/f90351322821464c.gif)

## Gemtek Modem Configuration Interface Default password vulnerability

| **Vulnerability** | **Gemtek Modem Configuration Interface Default password vulnerability** |
| :----: | :-----|
| **Chinese name** | 中保無限Modem Configuration Interface 默认口令漏洞 |
| **CVSS core** | 5.0 |
| **FOFA Query** (click to view the results directly)| [(title="Modem configuration interface" && body="status_device_status.asp" && body!="Huawei") && header!="Couchdb" && header!="JoomlaWor"](https://en.fofa.info/result?qbase64=KHRpdGxlPSJNb2RlbSBjb25maWd1cmF0aW9uIGludGVyZmFjZSIgJiYgYm9keT0ic3RhdHVzX2RldmljZV9zdGF0dXMuYXNwIiAmJiBib2R5IT0iSHVhd2VpIikgJiYgaGVhZGVyIT0iQ291Y2hkYiIgJiYgaGVhZGVyIT0iSm9vbWxhV29yIg%3D%3D) |
| **Number of assets affected** | 4521 |
| **Description** | Modem Configuration Interface is an unlimited router management system of China Insurance Corporation. There is a default password in the system. An attacker can control the entire platform through the default password (sigmu/secom) and operate the core functions with administrator privileges. |
| **Impact** | Attackers can control the entire platform through the default password (sigmu/secom) and use administrator privileges to operate core functions. |

![](https://s3.bmp.ovh/imgs/2023/05/26/fc6fd428ce123e79.gif)

## Weaver e-cology CheckServer.jsp file sql injection vulnerability

| **Vulnerability** | **Weaver e-cology CheckServer.jsp file sql injection vulnerability** |
| :----: | :-----|
| **Chinese name** | 泛微 e-cology CheckServer.jsp 文件 SQL 注入漏洞 |
| **CVSS core** | 7.8 |
| **FOFA Query** (click to view the results directly)| [((body="szFeatures" && body="redirectUrl") \|\| (body="rndData" && body="isdx") \|\| (body="typeof poppedWindow" && body="client/jquery.client_wev8.js") \|\| body="/theme/ecology8/jquery/js/zDialog_wev8.js" \|\| body="ecology8/lang/weaver_lang_7_wev8.js" \|\| body="src=\"/js/jquery/jquery_wev8.js" \|\| (header="Server: WVS" && (title!="404 Not Found" && header!="404 Not Found"))) && header!="testBanCookie" && header!="Couchdb" && header!="JoomlaWor" && body!="\<title>28ZE\</title>"](https://en.fofa.info/result?qbase64=%2BMjhaRTwvdGl0bGU%2BIg%3D%3D) |
| **Number of assets affected** | 105760 |
| **Description** | Weaver e-cology OA is a high-quality OA office system built on the principles of simplicity, applicability, and efficiency. The software is equipped with over 20 functional modules for processes, portals, knowledge, personnel, and communication, and adopts an intelligent voice interaction office mode. It can perfectly meet the actual needs of enterprises and provide them with full digital management. Weaver e-cology OA has an SQL injection vulnerability. Besides using it to read information from the database (such as administrator back-end passwords and site users' personal information), an attacker with high privileges can write Trojan horses to the server to further gain server system privileges. |
| **Impact** | Weaver e-cology OA has an SQL injection vulnerability. Besides using it to read information from the database (such as administrator back-end passwords and site users' personal information), an attacker with high privileges can write Trojan horses to the server to further gain server system privileges. |

## Command Execution in Multiple TP-LINK Routers (CVE-2020-9374)

| **Vulnerability** | **Command Execution in Multiple TP-LINK Routers (CVE-2020-9374)** |
| :----: | :-----|
| **Chinese name** | TP_LINK 多款路由器命令执行(CVE-2020-9374) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body="tplinkwifi.net" && body="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="](https://en.fofa.info/result?qbase64=Ym9keT0idHBsaW5rd2lmaS5uZXQiICYmIGJvZHk9IkFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky89Ig%3D%3D) |
| **Number of assets affected** | 378381 |
| **Description** | Multiple models of TP-Link routers from TP-Link Technologies Co., Ltd., including TL-WR841N, TL-WR840N, Archer C20, TL-WR849N, Archer C55, Archer C50, TL-WA801ND, TL-WR841HP, TL-WR845N, Archer C20i, Archer C2, are vulnerable to a command execution flaw. Attackers can exploit this vulnerability to execute arbitrary code, inject backdoors, gain server privileges, and ultimately take control of the entire web server. |
| **Impact** | An attacker can exploit this vulnerability by sending shell metacharacters through the routing trace feature of the dashboard, allowing them to execute arbitrary commands, inject backdoors, gain server privileges, and ultimately take control of the entire web server. |

## WebLogic JtaTransactionManager Remote Code Execution Vulnerability (CVE-2020-2551)

| **Vulnerability** | **WebLogic JtaTransactionManager Remote Code Execution Vulnerability (CVE-2020-2551)** |
| :----: | :-----|
| **Chinese name** | Weblogic JtaTransactionManager 反序列化远程代码执行漏洞(CVE-2020-2551) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [(body="Welcome to WebLogic Server")\|\|(title=="Error 404--Not Found") \|\| (((body="\<h1>BEA WebLogic Server" \|\| server="Weblogic" \|\| body="content=\"WebLogic Server" \|\| body="\<h1>Welcome to Weblogic Application" \|\| body="\<h1>BEA WebLogic Server") && header!="couchdb" && header!="boa" && header!="RouterOS" && header!="X-Generator: Drupal") \|\| (banner="Weblogic" && banner!="couchdb" && banner!="drupal" && banner!=" Apache,Tomcat,Jboss" && banner!="ReeCam IP Camera" && banner!="\<h2>Blog Comments\</h2>")) \|\| (port="7001" && protocol=="weblogic")](https://en.fofa.info/result?qbase64=KGJvZHk9IldlbGNvbWUgdG8gV2ViTG9naWMgU2VydmVyIil8fCh0aXRsZT09IkVycm9yIDQwNC0tTm90IEZvdW5kIikgfHwgKCgoYm9keT0iPGgxPkJFQSBXZWJMb2dpYyBTZXJ2ZXIiIHx8IHNlcnZlcj0iV2VibG9naWMiIHx8IGJvZHk9ImNvbnRlbnQ9XCJXZWJMb2dpYyBTZXJ2ZXIiIHx8IGJvZHk9IjxoMT5XZWxjb21lIHRvIFdlYmxvZ2ljIEFwcGxpY2F0aW9uIiB8fCBib2R5PSI8aDE%2BQkVBIFdlYkxvZ2ljIFNlcnZlciIpICYmIGhlYWRlciE9ImNvdWNoZGIiICYmIGhlYWRlciE9ImJvYSIgJiYgaGVhZGVyIT0iUm91dGVyT1MiICYmIGhlYWRlciE9IlgtR2VuZXJhdG9yOiBEcnVwYWwiKSB8fCAoYmFubmVyPSJXZWJsb2dpYyIgJiYgYmFubmVyIT0iY291Y2hkYiIgJiYgYmFubmVyIT0iZHJ1cGFsIiAmJiBiYW5uZXIhPSIgQXBhY2hlLFRvbWNhdCxKYm9zcyIgJiYgYmFubmVyIT0iUmVlQ2FtIElQIENhbWVyYSIgJiYgYmFubmVyIT0iPGgyPkJsb2cgQ29tbWVudHM8L2gyPiIpKSB8fCAocG9ydD0iNzAwMSIgJiYgcHJvdG9jb2w9PSJ3ZWJsb2dpYyIp) |
| **Number of assets affected** | 127541 |
| **Description** | WebLogic Server is one of the application server components applicable to cloud and traditional environments. WebLogic has a remote code execution vulnerability that allows an unauthenticated attacker with network access over the IIOP protocol to compromise the vulnerable WebLogic Server. Successful exploitation can cause the WebLogic Server to be taken over by the attacker, resulting in remote code execution. |
| **Impact** | WebLogic has a remote code execution vulnerability that allows an unauthenticated attacker with network access over the IIOP protocol to compromise the vulnerable WebLogic Server. Successful exploitation can cause the WebLogic Server to be taken over by the attacker, resulting in remote code execution. |
| ## ActiveMQ Arbitrary File Write Vulnerability (CVE-2016-3088) | **Vulnerability** | **ActiveMQ Arbitrary File Write Vulnerability (CVE-2016-3088)** | | :----: | :-----| | **Chinese name** | ActiveMQ 消息代理系统 fileserver 文件上传漏洞(CVE-2016-3088) | | **CVSS core** | 9.6 | | **FOFA Query** (click to view the results directly)| [((((title="Apache ActiveMQ" \|\| (port="8161" && header="Server: Jetty") \|\| header="realm=\"ActiveMQRealm") && header!="couchdb" && header!="drupal" && body!="Server: couchdb") \|\| (banner="server:ActiveMQ" \|\| banner="Magic:ActiveMQ" \|\| banner="realm=\"ActiveMQRealm") \|\| banner="Apache ActiveMQ") \|\| (((title="Apache ActiveMQ" \|\| (port="8161" && header="Server: Jetty") \|\| header="realm=\"ActiveMQRealm") && header!="couchdb" && header!="drupal" && body!="Server: couchdb") \|\| (banner="server:ActiveMQ" \|\| banner="Magic:ActiveMQ" \|\| banner="realm=\"ActiveMQRealm") \|\| banner="Apache ActiveMQ")) && protocol!="activemq" && protocol!="stomp"](https://en.fofa.info/result?qbase64=KCgoKHRpdGxlPSJBcGFjaGUgQWN0aXZlTVEiIHx8IChwb3J0PSI4MTYxIiAmJiBoZWFkZXI9IlNlcnZlcjogSmV0dHkiKSB8fCBoZWFkZXI9InJlYWxtPVwiQWN0aXZlTVFSZWFsbSIpICYmIGhlYWRlciE9ImNvdWNoZGIiICYmIGhlYWRlciE9ImRydXBhbCIgJiYgYm9keSE9IlNlcnZlcjogY291Y2hkYiIpIHx8IChiYW5uZXI9InNlcnZlcjpBY3RpdmVNUSIgfHwgYmFubmVyPSJNYWdpYzpBY3RpdmVNUSIgfHwgYmFubmVyPSJyZWFsbT1cIkFjdGl2ZU1RUmVhbG0iKSB8fCBiYW5uZXI9IkFwYWNoZSBBY3RpdmVNUSIpIHx8ICgoKHRpdGxlPSJBcGFjaGUgQWN0aXZlTVEiIHx8IChwb3J0PSI4MTYxIiAmJiBoZWFkZXI9IlNlcnZlcjogSmV0dHkiKSB8fCBoZWFkZXI9InJlYWxtPVwiQWN0aXZlTVFSZWFsbSIpICYmIGhlYWRlciE9ImNvdWNoZGIiICYmIGhlYWRlciE9ImRydXBhbCIgJiYgYm9keSE9IlNlcnZlcjogY291Y2hkYiIpIHx8IChiYW5uZXI9InNlcnZlcjpBY3RpdmVNUSIgfHwgYmFubmVyPSJNYWdpYzpBY3RpdmVNUSIgfHwgYmFubmVyPSJyZWFsbT1cIkFjdGl2ZU1RUmVhbG0iKSB8fCBiYW5uZXI9IkFwYWNoZSBBY3RpdmVNUSIpKSAmJiBwcm90b2NvbCE9ImFjdGl2ZW1xIiAmJiBwcm90b2NvbCE9InN0b21wIg%3D%3D) | | **Number of assets affected** | 42641 | | **Description** | Apache ActiveMQ is the most popular open source, 
multi-protocol, Java-based message broker.

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. | | **Impact** | The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. | ## Apache Superset Permission Bypass Vulnerability (CVE-2023-27524) | **Vulnerability** | **Apache Superset Permission Bypass Vulnerability (CVE-2023-27524)** | | :----: | :-----| | **Chinese name** | Apache Superset 权限绕过漏洞(CVE-2023-27524) | | **CVSS core** | 8.9 | | **FOFA Query** (click to view the results directly)| [(title="Superset" && (body="appbuilder" \|\| body="\Back to workspaces\\" \|\| (body="/static/assets/dist/common.644ae7ae973b00abc14b.entry.js" \|\| (body="/static/assets/images/favicon.png" && body="/static/appbuilder/js/jquery-latest.js") && body="Superset") \|\| header="/superset/welcome/" \|\| title="500: Internal server error | Superset" \|\| title="404: Not found | Superset" \|\| banner="/superset/welcome/" \|\| banner="/superset/dashboard/"](https://en.fofa.info/result?qbase64=KHRpdGxlPSJTdXBlcnNldCIgJiYgKGJvZHk9ImFwcGJ1aWxkZXIiIHx8IGJvZHk9IjxpbWcgc3JjPVwiaHR0cHM6Ly9qb2luc3VwZXJzZXQuY29tL2ltZy9zdXBlcnNldGxvZ292ZWN0b3Iuc3ZnIikpIHx8IGJvZHk9IjxhIGhyZWY9XCJodHRwczovL21hbmFnZS5hcHAtc2R4LnByZXNldC5pb1wiIGNsYXNzPVwiYnV0dG9uXCI%2BQmFjayB0byB3b3Jrc3BhY2VzPC9hPjwvc2VjdGlvbj4iIHx8IChib2R5PSIvc3RhdGljL2Fzc2V0cy9kaXN0L2NvbW1vbi42NDRhZTdhZTk3M2IwMGFiYzE0Yi5lbnRyeS5qcyIgfHwgKGJvZHk9Ii9zdGF0aWMvYXNzZXRzL2ltYWdlcy9mYXZpY29uLnBuZyIgJiYgYm9keT0iL3N0YXRpYy9hcHBidWlsZGVyL2pzL2pxdWVyeS1sYXRlc3QuanMiKSAmJiBib2R5PSJTdXBlcnNldCIpIHx8IGhlYWRlcj0iL3N1cGVyc2V0L3dlbGNvbWUvIiB8fCAgdGl0bGU9IjUwMDogSW50ZXJuYWwgc2VydmVyIGVycm9yIHwgU3VwZXJzZXQiIHx8IHRpdGxlPSI0MDQ6IE5vdCBmb3VuZCB8IFN1cGVyc2V0IiB8fCBiYW5uZXI9Ii9zdXBlcnNldC93ZWxjb21lLyIgfHwgYmFubmVyPSIvc3VwZXJzZXQvZGFzaGJvYXJkLyI%3D) | | **Number of assets 
affected** | 43325 | | **Description** | Apache Superset is a data visualization and data exploration platform of the Apache Foundation. Apache Superset versions 2.0.1 and earlier have security vulnerabilities. Attackers exploit this vulnerability to verify and access unauthorized resources. | | **Impact** | Attackers can exploit this vulnerability to verify and access unauthorized resources. | ![](https://s3.bmp.ovh/imgs/2023/05/22/46c693629791a204.gif) ## Apache Archiva RepositoryServlet internal Arbitrary File Read (CVE-2022-40308) | **Vulnerability** | **Apache Archiva RepositoryServlet internal Arbitrary File Read (CVE-2022-40308)** | | :----: | :-----| | **Chinese name** | Apache Archiva RepositoryServlet 代理功能 internal 文件任意文件读取漏洞(CVE-2022-40308) | | **CVSS core** | 7.5 | | **FOFA Query** (click to view the results directly)| [title="Apache Archiva" \|\| body="/archiva.js" \|\| body="/archiva.css"](https://en.fofa.info/result?qbase64=dGl0bGU9IkFwYWNoZSBBcmNoaXZhIiB8fCBib2R5PSIvYXJjaGl2YS5qcyIgfHwgYm9keT0iL2FyY2hpdmEuY3NzIg%3D%3D) | | **Number of assets affected** | 910 | | **Description** | Apache Archiva is a set of software used by the Apache Foundation of the United States to manage one or more remote storages. The software provides features such as remote Repository agents, secure role-based access management, and usage reporting. Versions prior to Apache Archiva 2.2.9 have a security vulnerability, which stems from the ability to read database files directly without logging in if anonymous reading is enabled. | | **Impact** | Versions prior to Apache Archiva 2.2.9 have a security vulnerability, which stems from the ability to read database files directly without logging in if anonymous reading is enabled. 
| ![](https://s3.bmp.ovh/imgs/2023/05/19/cd6e4b533cae79ff.gif) ## WordPress Plugin InPost Gallery popup_shortcode_attributes File Inclusion Vulnerability(CVE-2022-4063) | **Vulnerability** | **WordPress Plugin InPost Gallery popup_shortcode_attributes File Inclusion Vulnerability(CVE-2022-4063)** | | :----: | :-----| | **Chinese name** | WordPress InPost Gallery 插件 popup_shortcode_attributes 参数文件包含漏洞(CVE-2022-4063) | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/inpost-gallery"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL2lucG9zdC1nYWxsZXJ5Ig%3D%3D) | | **Number of assets affected** | 556 | | **Description** | InPost Gallery is a powerful and very pleasing photo gallery plugin for working with images in WordPress.There is a file inclusion vulnerability in InPost Gallery < 2.1.4.1. Attackers can exploit this vulnerability to obtain sensitive files. | | **Impact** | Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website. | ![](https://s3.bmp.ovh/imgs/2023/05/19/e7c2e191cff78bbd.gif) ## SOPHOS-Netgenie Default Password | **Vulnerability** | **SOPHOS-Netgenie Default Password** | | :----: | :-----| | **Chinese name** | SOPHOS-Netgenie 默认口令 | | **CVSS core** | 5.0 | | **FOFA Query** (click to view the results directly)| [header="Server: Netgenie" \|\| banner="Server: Netgenie"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJTZXJ2ZXI6IE5ldGdlbmllIiB8fCBiYW5uZXI9IlNlcnZlcjogTmV0Z2VuaWUi) | | **Number of assets affected** | 1566 | | **Description** | With NetGenie, get support for all types of Internet connectivity, viz. VDSL2, ADSL2+, Cable Internet and 3G connection, along with excellent wireless range, high performance, Gigabit port and threat-free Wi-Fi over multiple devices. 
Get Internet activity reports of children at home along with security reports of your home network. The command center of this series of printers has a default admin/admin password. | | **Impact** | SOPHOS-Netgenie has a default password. Attackers can use the default password admin/admin to log in to the system background without authorization, perform other sensitive operations, and obtain more sensitive information. | ![](https://s3.bmp.ovh/imgs/2023/05/23/a7c7faa7524301b1.gif) ## WAVLINK WN535 G3 router live_check.shtml file information disclosure vulnerability (CVE-2022-31845) | **Vulnerability** | **WAVLINK WN535 G3 router live_check.shtml file information disclosure vulnerability (CVE-2022-31845)** | | :----: | :-----| | **Chinese name** | WAVLINK WN535 G3 路由器 live_check.shtml 文件信息泄露漏洞(CVE-2022-31845) | | **CVSS core** | 7.5 | | **FOFA Query** (click to view the results directly)| [body="firstFlage"](https://en.fofa.info/result?qbase64=Ym9keT0iZmlyc3RGbGFnZSI%3D) | | **Number of assets affected** | 3001 | | **Description** | WAVLINK WN535 is a dual band 4G LTE intelligent router. There is a security vulnerability in WAVLINK WN535 G3 M35G3R.V5030.180927, which originates in live_check.shtml. Attackers can use this vulnerability to obtain sensitive router information by executing exec cmd functions. | | **Impact** | There is a security vulnerability in WAVLINK WN535 G3 M35G3R.V5030.180927, which originates in live_check.shtml. Attackers can use this vulnerability to obtain sensitive router information by executing exec cmd functions. 
| ![](https://s3.bmp.ovh/imgs/2023/05/23/5ac982d1b5b0c5b4.gif) ## I3Geo codemirror.php file pagina parameter file read vulnerability (CVE-2022-32409) | **Vulnerability** | **I3Geo codemirror.php file pagina parameter file read vulnerability (CVE-2022-32409)** | | :----: | :-----| | **Chinese name** | i3Geo codemirror.php 文件 pagina 参数文件读取漏洞(CVE-2022-32409) | | **CVSS core** | 7.6 | | **FOFA Query** (click to view the results directly)| [body="i3geo"](https://en.fofa.info/result?qbase64=Ym9keT0iaTNnZW8i) | | **Number of assets affected** | 88 | | **Description** | I3geo is an open source application of salade situacao for developing interactive network maps. I3Geo has a file reading vulnerability, through which an attacker can read important system files (such as database configuration files and system configuration files), causing the website to be in an extremely insecure state. | | **Impact** | I3Geo has a file reading vulnerability, through which an attacker can read important system files (such as database configuration files and system configuration files), causing the website to be in an extremely insecure state. | ![](https://s3.bmp.ovh/imgs/2023/05/23/17685ef4dce000de.gif) ## Telos Alliance Omnia MPX Node downloadMainLog fname File Reading Vulnerability(CVE-2022-36642) | **Vulnerability** | **Telos Alliance Omnia MPX Node downloadMainLog fname File Reading Vulnerability(CVE-2022-36642)** | | :----: | :-----| | **Chinese name** | Telos Alliance Omnia MPX Node 硬件编解码器 downloadMainLog 文件 fname 参数文件读取漏洞(CVE-2022-36642) | | **CVSS core** | 7.6 | | **FOFA Query** (click to view the results directly)| [body="Omnia MPX"](https://en.fofa.info/result?qbase64=Ym9keT0iT21uaWEgTVBYIg%3D%3D) | | **Number of assets affected** | 49 | | **Description** | Telos Alliance Omnia MPX Node is a special hardware codec of Telos Alliance of the United States. 
It can use the Omnia μMPX™ algorithm to send or receive complete FM signals at data rates as low as 320 kbps, making it ideal for networks with limited capacity, including IP radios. There is a security vulnerability in Telos Alliance Omnia MPX Node 1.5.0+r1 and earlier versions, which originates from the local file disclosure vulnerability in /appConfig/userDB.json. An attacker can use this vulnerability to elevate privileges to root and execute arbitrary commands. | | **Impact** | There is a security vulnerability in Telos Alliance Omnia MPX Node 1.5.0+r1 and earlier versions, which originates from the local file disclosure vulnerability in /appConfig/userDB.json. An attacker can use this vulnerability to elevate privileges to root and execute arbitrary commands. | ![](https://s3.bmp.ovh/imgs/2023/05/23/e024d90bde2b5088.gif) ## TamronOS IPTV backup file down vulnerability | **Vulnerability** | **TamronOS IPTV backup file down vulnerability** | | :----: | :-----| | **Chinese name** | TamronOS IPTV 系统 backup 任意文件下载漏洞 | | **CVSS core** | 5.0 | | **FOFA Query** (click to view the results directly)| [title="TamronOS IPTV系统"](https://en.fofa.info/result?qbase64=dGl0bGU9IlRhbXJvbk9TIElQVFbns7vnu58i) | | **Number of assets affected** | 472 | | **Description** | TamronOS IPTV system is an intelligent TV management system. The system has an arbitrary file download vulnerability, through which an attacker can read system files and obtain sensitive information. | | **Impact** | An attacker can read system files and obtain sensitive information. 
| ![](https://s3.bmp.ovh/imgs/2023/05/23/701178b7dafee00c.gif) ## Hikvision NCG Networking Gateway login.php Directory traversal Vulnerability | **Vulnerability** | **Hikvision NCG Networking Gateway login.php Directory traversal Vulnerability** | | :----: | :-----| | **Chinese name** | 海康威视 NCG 联网网关 login.php 文件目录遍历漏洞 | | **CVSS core** | 7.8 | | **FOFA Query** (click to view the results directly)| [body="data/login.php"](https://en.fofa.info/result?qbase64=Ym9keT0iZGF0YS9sb2dpbi5waHAi) | | **Number of assets affected** | 735 | | **Description** | The Hikvision NCG Networking Gateway of Hikvision is a carrier level network gateway device integrating signaling gateway service, media gateway service, security authentication, authority management, log management and network management functions. An attacker can read important system files (such as database configuration files, system configuration files), database configuration files, etc. through this vulnerability, causing the website to be in an extremely insecure state. | | **Impact** | An attacker can read important system files (such as database configuration files, system configuration files), database configuration files, etc. through this vulnerability, causing the website to be in an extremely insecure state. | ![](https://s3.bmp.ovh/imgs/2023/05/23/a4a531adf15cb89f.gif) ## Wordpress wpjobboard plugin wpjobboard directory traversal vulnerability (CVE-2022-2544) | **Vulnerability** | **Wordpress wpjobboard plugin wpjobboard directory traversal vulnerability (CVE-2022-2544)** | | :----: | :-----| | **Chinese name** | Wordpress wpjobboard 插件 wpjobboard 页面目录遍历漏洞(CVE-2022-2544) | | **CVSS core** | 7.5 | | **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/wpjobboard"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL3dwam9iYm9hcmQi) | | **Number of assets affected** | 1201 | | **Description** | Wpjobboard is a plugin of Wordpress. 
The Wpjobboard plug-in allows website owners to embed payment forms and make payments via Visa, American Express, Discover and Mastercard through their Click&Lead merchant accounts. The Wpjobboard plug-in has a directory traversal vulnerability, through which an attacker can view sensitive directories and files in the server, control the entire system, and finally cause the system to be in an extremely insecure state. | | **Impact** | The Wpjobboard plug-in has a directory traversal vulnerability, through which an attacker can view sensitive directories and files in the server, control the entire system, and finally cause the system to be in an extremely insecure state. | ![](https://s3.bmp.ovh/imgs/2023/05/23/4ddb35a567453502.gif) ## Telrad-WLTMS-110 Default Password | **Vulnerability** | **Telrad-WLTMS-110 Default Password** | | :----: | :-----| | **Chinese name** | Telrad-WLTMS-110 默认口令 | | **CVSS core** | 7.5 | | **FOFA Query** (click to view the results directly)| [(body="WLTMS-110 Telrad" && body="frameRtoLControl.js") \|\| body="var multipleParameters = \" WLTMS-110"](https://en.fofa.info/result?qbase64=KGJvZHk9IldMVE1TLTExMCBUZWxyYWQiICYmIGJvZHk9ImZyYW1lUnRvTENvbnRyb2wuanMiKSB8fCBib2R5PSJ2YXIgbXVsdGlwbGVQYXJhbWV0ZXJzID0gXCIgV0xUTVMtMTEwIg%3D%3D) | | **Number of assets affected** | 1201 | | **Description** | The Telrad-WLTMS-110 offers deployment flexibility. The high throughput and transmit power of the CPEs combine with the small tower footprint and high capacity of our flagship BreezeCOMPACT base stations - reducing the density of base stations in a network and enabling faster, more affordable LTE deployments. The command center of this series of printers has a default admin/admin password. | | **Impact** | Telrad-WLTMS-110 has a default password. Attackers can use the default password admin/admin to log in to the system background without authorization, perform other sensitive operations, and obtain more sensitive information. 
| ## Weaver e-cology ofsLogin.jsp User Login Bypass Vulnerability | **Vulnerability** | **Weaver e-cology ofsLogin.jsp User Login Bypass Vulnerability** | | :----: | :-----| | **Chinese name** | Weaver e-cology ofsLogin.jsp 用户登陆绕过漏洞 | | **CVSS core** | 9.3 | | **FOFA Query** (click to view the results directly)| [body="/wui/common/" \|\| body="/wui/index.html"](https://en.fofa.info/result?qbase64=Ym9keT0iL3d1aS9jb21tb24vInx8Ym9keT0iL3d1aS9pbmRleC5odG1sIg%3D%3D) | | **Number of assets affected** | 92980 | | **Description** | The Weaver management application platform (e-cology) is a comprehensive enterprise management platform. It has diversified functions, including enterprise information portal, knowledge document management, work process management, human resource management, customer relationship management, project management, financial management, asset management, supply chain management and data center. This platform helps enterprises integrate various resources, including management, marketing, sales, research and development, personnel, and administrative fields. Through e-cology, these resources can be integrated on a unified platform and provide users with a unified interface for easy operation and information retrieval. The Weaver management application platform (e-cology) has a privilege bypass vulnerability, which allows attackers to bypass system privileges and log in to the system to perform malicious operations. | | **Impact** | The Weaver management application platform (e-cology) has a privilege bypass vulnerability, which allows attackers to bypass system privileges and log in to the system to perform malicious operations. 
| ![](https://s3.bmp.ovh/imgs/2023/05/17/b2f501929dc9ba6c.gif) ## Weblogic Commons Collections serialization code execution vulnerability (CVE-2015-4852) | **Vulnerability** | **Weblogic Commons Collections serialization code execution vulnerability (CVE-2015-4852)** | | :----: | :-----| | **Chinese name** | Weblogic Commons Collections 序列化代码执行漏洞(CVE-2015-4852) | | **CVSS core** | 7.5 | | **FOFA Query** (click to view the results directly)| [(body=\"Welcome to WebLogic Server\") \|\| (title==\"Error 404--Not Found\") \|\| (((body=\"\BEA WebLogic Server\" \|\| server=\"Weblogic\" \|\| body=\"content=\\\"WebLogic Server\" \|\| body=\"\Welcome to Weblogic Application\" \|\| body=\"\BEA WebLogic Server\") && header!=\"couchdb\" && header!=\"boa\" && header!=\"RouterOS\" && header!=\"X-Generator: Drupal\") \|\| (banner=\"Weblogic\" && banner!=\"couchdb\" && banner!=\"drupal\" && banner!=\" Apache,Tomcat,Jboss\" && banner!=\"ReeCam IP Camera\" && banner!=\"\Blog Comments\\")) \|\| (port=\"7001\" && protocol==\"weblogic\")](https://en.fofa.info/result?qbase64=KGJvZHk9IldlbGNvbWUgdG8gV2ViTG9naWMgU2VydmVyIikgfHwgKHRpdGxlPT0iRXJyb3IgNDA0LS1Ob3QgRm91bmQiKSB8fCAoKChib2R5PSI8aDE%2BQkVBIFdlYkxvZ2ljIFNlcnZlciIgfHwgc2VydmVyPSJXZWJsb2dpYyIgfHwgYm9keT0iY29udGVudD1cIldlYkxvZ2ljIFNlcnZlciIgfHwgYm9keT0iPGgxPldlbGNvbWUgdG8gV2VibG9naWMgQXBwbGljYXRpb24iIHx8IGJvZHk9IjxoMT5CRUEgV2ViTG9naWMgU2VydmVyIikgJiYgaGVhZGVyIT0iY291Y2hkYiIgJiYgaGVhZGVyIT0iYm9hIiAmJiBoZWFkZXIhPSJSb3V0ZXJPUyIgJiYgaGVhZGVyIT0iWC1HZW5lcmF0b3I6IERydXBhbCIpIHx8IChiYW5uZXI9IldlYmxvZ2ljIiAmJiBiYW5uZXIhPSJjb3VjaGRiIiAmJiBiYW5uZXIhPSJkcnVwYWwiICYmIGJhbm5lciE9IiBBcGFjaGUsVG9tY2F0LEpib3NzIiAmJiBiYW5uZXIhPSJSZWVDYW0gSVAgQ2FtZXJhIiAmJiBiYW5uZXIhPSI8aDI%2BQmxvZyBDb21tZW50czwvaDI%2BIikpIHx8IChwb3J0PSI3MDAxIiAmJiBwcm90b2NvbD09IndlYmxvZ2ljIik%3D) | | **Number of assets affected** | 127703 | | **Description** | WebLogic Server is an application server component suitable for both cloud and traditional environments. 
The WebLogic Commons Collections component has a remote code execution vulnerability that allows unauthenticated attackers to access vulnerable WebLogic Servers through the IIOP protocol and compromise them. Successful exploitation of the vulnerability can lead to the attacker taking over the WebLogic Server, resulting in remote code execution. | | **Impact** | The WebLogic Commons Collections component has a remote code execution vulnerability that allows unauthenticated attackers to access vulnerable WebLogic Servers through the IIOP protocol and compromise them. Successful exploitation of the vulnerability can lead to the attacker taking over the WebLogic Server, resulting in remote code execution. | ![](https://s3.bmp.ovh/imgs/2023/05/13/a5c75ddf8c43c69e.gif) ## PowerJob /job/list api unauthorized access vulnerability | **Vulnerability** | **PowerJob /job/list api unauthorized access vulnerability** | | :----: | :-----| | **Chinese name** | PowerJob /job/list 接口未授权访问漏洞 | | **CVSS core** | 7.3 | | **FOFA Query** (click to view the results directly)| [(title=\"PowerJob\" && body=\"We're sorry but oms-console\") \|\| (banner=\"Content-Length: 1222\" \|\| banner=\"Content-Length: 1260\") && banner=\"Vary: Origin\" && banner=\"Vary: Access-Control-Request-Headers\" && banner!=\"X-Content-Type-Options: nosniff\"](https://en.fofa.info/result?qbase64=KHRpdGxlPSJQb3dlckpvYiIgJiYgYm9keT0iV2UncmUgc29ycnkgYnV0IG9tcy1jb25zb2xlIikgfHwgKGJhbm5lcj0iQ29udGVudC1MZW5ndGg6IDEyMjIiIHx8IGJhbm5lcj0iQ29udGVudC1MZW5ndGg6IDEyNjAiKSAmJiBiYW5uZXI9IlZhcnk6IE9yaWdpbiIgJiYgYmFubmVyPSJWYXJ5OiBBY2Nlc3MtQ29udHJvbC1SZXF1ZXN0LUhlYWRlcnMiICYmIGJhbm5lciE9IlgtQ29udGVudC1UeXBlLU9wdGlvbnM6IG5vc25pZmYi) | | **Number of assets affected** | 656 | | **Description** | PowerJob (formerly OhMyScheduler) is a new generation of distributed scheduling and computing framework that allows you to easily complete job scheduling and distributed computing of complex tasks. 
Attackers can control the entire system through unauthorized access vulnerabilities, which ultimately leaves the system in an extremely insecure state. | | **Impact** | Attackers can exploit an unauthorized access vulnerability in /job/list to obtain task information for the entire system, which could ultimately result in the system being in an extremely insecure state. | ![](https://s3.bmp.ovh/imgs/2023/05/23/0eba0b14510d1610.gif) ## nginxWebUI runCmd file remote command execution vulnerability | **Vulnerability** | **nginxWebUI runCmd file remote command execution vulnerability** | | :----: | :-----| | **Chinese name** | nginxWebUI runCmd 文件命令执行漏洞 | | **CVSS core** | 9.2 | | **FOFA Query** (click to view the results directly)| [title=\"nginxWebUI\" && body=\"refreshCode('codeImg')\"](https://en.fofa.info/result?qbase64=dGl0bGU9Im5naW54V2ViVUkiICYmIGJvZHk9InJlZnJlc2hDb2RlKCdjb2RlSW1nJyki) | | **Number of assets affected** | 5856 | | **Description** | NginxWebUI is a tool for graphical management of nginx configuration. You can use web pages to quickly configure various functions of nginx, including http protocol forwarding, tcp protocol forwarding, reverse proxy, load balancing, static html server, automatic application, renewal and configuration of ssl certificates. After configuration, you can generate the nginx.conf file and control nginx to use this file to start and reload, completing the graphical control loop of nginx. Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. | | **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. 
| ![](https://s3.bmp.ovh/imgs/2023/05/23/a77433ad12687464.gif) ## Yun-Box authService fastjson serialization code execution vulnerability | **Vulnerability** | **Yun-Box authService fastjson serialization code execution vulnerability** | | :----: | :-----| | **Chinese name** | 云匣子 authService fastjson 序列化代码执行漏洞 | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [(body=\"id=mTokenPlugin width=0 height=0 style=\\\"position: absolute;LEFT: 0px; TOP: 0px\\\"\" && body=\"type=application/x-xtx-axhost\") && (cert=\"Domain Control Validated\" \|\| cert=\"云匣子\")](https://en.fofa.info/result?qbase64=KGJvZHk9ImlkPW1Ub2tlblBsdWdpbiB3aWR0aD0wIGhlaWdodD0wIHN0eWxlPVwicG9zaXRpb246IGFic29sdXRlO0xFRlQ6IDBweDsgVE9QOiAwcHhcIiIgJiYgYm9keT0idHlwZT1hcHBsaWNhdGlvbi94LXh0eC1heGhvc3QiKSAmJiAoY2VydD0iRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkIiB8fCBjZXJ0PSLkupHljKPlrZAiKQ%3D%3D) | | **Number of assets affected** | 620 | | **Description** | Yun-Box is a secure management tool developed by Yunanbao for tenants to connect to cloud resources, which can help cloud tenants manage virtual machines, databases, and other resources on the cloud in a more secure and precise manner. With years of experience in operations and security, Yun-Box combines operations and security on the cloud to achieve pre-planned operations, in-process control, and post-audit. Additionally, Yun-Box integrates features such as automated operations, asset topology discovery, and account security to provide comprehensive and reliable cloud security management services. | | **Impact** | Yun-Box uses the vulnerable fastjson component, and hackers can launch attacks on Yun-Box by exploiting the fastjson serialization vulnerability to gain server privileges. 
| ![](https://s3.bmp.ovh/imgs/2023/05/23/7853202174123e25.gif) ## Realor Tianyi AVS ConsoleExternalApi.XGI file SQL Injection vulnerability | **Vulnerability** | **Realor Tianyi AVS ConsoleExternalApi.XGI file SQL Injection vulnerability** | | :----: | :-----| | **Chinese name** | 瑞友天翼应用虚拟化系统 ConsoleExternalApi.XGI 文件 iDisplayStart 参数 SQL 注入漏洞 | | **CVSS core** | 9.2 | | **FOFA Query** (click to view the results directly)| [title=\"瑞友天翼-应用虚拟化系统\" \|\| title=\"瑞友应用虚拟化系统\"](https://en.fofa.info/result?qbase64=dGl0bGU9IueRnuWPi%2BWkqee%2FvO%2B8jeW6lOeUqOiZmuaLn%2BWMluezu%2Be7nyIgfHwgdGl0bGU9IueRnuWPi%2BW6lOeUqOiZmuaLn%2BWMluezu%2Be7nyI%3D) | | **Number of assets affected** | 55178 | | **Description** | Realor Tianyi Application Virtualization System is an application virtualization platform based on server computing architecture. It centrally deploys various user application software to the Ruiyou Tianyi service cluster, and clients can access authorized application software on the server through the WEB, achieving centralized application, remote access, collaborative office, and more. In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions. | | **Impact** | In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions. 
| ## Realor Tianyi AVS ConsoleExternalApi.XGI file account param sql injection vulnerability | **Vulnerability** | **Realor Tianyi AVS ConsoleExternalApi.XGI file account param sql injection vulnerability** | | :----: | :-----| | **Chinese name** | 瑞友天翼应用虚拟化系统 ConsoleExternalApi.XGI account 参数 SQL 注入漏洞 | | **CVSS core** | 9.2 | | **FOFA Query** (click to view the results directly)| [title=\"瑞友天翼-应用虚拟化系统\" \|\| title=\"瑞友应用虚拟化系统\"](https://en.fofa.info/result?qbase64=dGl0bGU9IueRnuWPi%2BWkqee%2FvO%2B8jeW6lOeUqOiZmuaLn%2BWMluezu%2Be7nyIgfHwgdGl0bGU9IueRnuWPi%2BW6lOeUqOiZmuaLn%2BWMluezu%2Be7nyI%3D) | | **Number of assets affected** | 55178 | | **Description** | Realor Tianyi Application Virtualization System is an application virtualization platform based on server computing architecture. It centrally deploys various user application software to the Ruiyou Tianyi service cluster, and clients can access authorized application software on the server through the WEB, achieving centralized application, remote access, collaborative office, and more. Attackers can use this sql injection vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. | | **Impact** | Attackers can use this sql injection vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. 
| ## Telesquare TLR-2005Ksh setSyncTimeHost RCE | **Vulnerability** | **Telesquare TLR-2005Ksh setSyncTimeHost RCE** | | :----: | :-----| | **Chinese name** | Telesquare TLR-2005Ksh 路由器 setSyncTimeHost 命令执行漏洞 | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [title=\"TLR-2005KSH\" \|\| banner=\"TLR-2005KSH login:\"](https://en.fofa.info/result?qbase64=dGl0bGU9IlRMUi0yMDA1S1NIIiB8fCBiYW5uZXI9IlRMUi0yMDA1S1NIIGxvZ2luOiI%3D) | | **Number of assets affected** | 25826 | | **Description** | Telesquare Tlr-2005Ksh is a Sk Telecom LTE router produced by Telesquare Korea. There is a security vulnerability in Telesquare TLR-2005Ksh, attackers can execute arbitrary commands through setSyncTimeHost to obtain server privileges. | | **Impact** | There is a security vulnerability in Telesquare TLR-2005Ksh, attackers can execute arbitrary commands through setSyncTimeHost to obtain server privileges. | ![](https://s3.bmp.ovh/imgs/2023/05/11/99ee97cd77ca8767.gif) ## Telesquare TLR-2005Ksh getUsernamePassword Information Disclosure | **Vulnerability** | **Telesquare TLR-2005Ksh getUsernamePassword Information Disclosure** | | :----: | :-----| | **Chinese name** | Telesquare TLR-2005Ksh 路由器 getUsernamePassword 信息泄露漏洞 | | **CVSS core** | 9.0 | | **FOFA Query** (click to view the results directly)| [title=\"TLR-2005KSH\" \|\| banner=\"TLR-2005KSH login:\"](https://en.fofa.info/result?qbase64=dGl0bGU9IlRMUi0yMDA1S1NIIiB8fCBiYW5uZXI9IlRMUi0yMDA1S1NIIGxvZ2luOiI%3D) | | **Number of assets affected** | 25826 | | **Description** | Telesquare Tlr-2005Ksh is a Sk Telecom LTE router produced by Telesquare Korea. There is a security hole in Telesquare TLR-2005Ksh. Attackers can obtain sensitive information such as username and password through getUsernamePassword. | | **Impact** | There is a security hole in Telesquare TLR-2005Ksh. Attackers can obtain sensitive information such as username and password through getUsernamePassword. 
| ![](https://s3.bmp.ovh/imgs/2023/05/12/de09634d3b12cc18.gif) ## Telesquare TLR-2005Ksh ExportSettings.sh file download (CVE-2021-46423) | **Vulnerability** | **Telesquare TLR-2005Ksh ExportSettings.sh file download (CVE-2021-46423)** | | :----: | :-----| | **Chinese name** | Telesquare TLR-2005Ksh 路由器 ExportSettings.sh 文件下载漏洞(CVE-2021-46423) | | **CVSS core** | 7.5 | | **FOFA Query** (click to view the results directly)| [title=\"TLR-2005KSH\" \|\| banner=\"TLR-2005KSH login:\"](https://en.fofa.info/result?qbase64=dGl0bGU9IlRMUi0yMDA1S1NIIiB8fCBiYW5uZXI9IlRMUi0yMDA1S1NIIGxvZ2luOiI%3D) | | **Number of assets affected** | 25826 | | **Description** | Telesquare Tlr-2005K and so on are the Sk Telecom Lte routers of Korea Telesquare Company. There are security vulnerabilities in Telesquare TLR-2005Ksh, etc., which originate from unauthenticated file downloads. A remote attacker could exploit this vulnerability to download a complete configuration file. | | **Impact** | There are security vulnerabilities in Telesquare TLR-2005Ksh, etc., which originate from unauthenticated file downloads. A remote attacker could exploit this vulnerability to download a complete configuration file. | ![](https://s3.bmp.ovh/imgs/2023/05/12/076acaa0dba4f960.gif) ## Sinovision Cloud CDN live default passwd | **Vulnerability** | **Sinovision Cloud CDN live default passwd** | | :----: | :-----| | **Chinese name** | 华视私云-CDN直播加速服务器默认口令漏洞 | | **CVSS core** | 6.5 | | **FOFA Query** (click to view the results directly)| [body=\"src=\\\"img/dl.gif\\\"\" && title=\"系统登录\" && body=\"华视美达\"](https://en.fofa.info/result?qbase64=Ym9keT0ic3JjPVwiaW1nL2RsLmdpZlwiIiAmJiB0aXRsZT0i57O757uf55m75b2VIiAmJiBib2R5PSLljY7op4bnvo7ovr4i) | | **Number of assets affected** | 737 | | **Description** | CDN Live Broadcast Acceleration Server is a server for CDN live broadcast acceleration. The weak password vulnerability exists in the CDN Live broadcast acceleration server. 
The attacker can use the default password admin/admin to log in to the system background and obtain the background administrator permission. | | **Impact** | Attackers can control the entire platform through default password vulnerabilities and use administrator privileges to operate core functions. | ![](https://s3.bmp.ovh/imgs/2023/05/12/2d290c42299026fa.gif) ## WordPress plugin Welcart e-Commerce content-log.php logfile File Read Vulnerability | **Vulnerability** | **WordPress plugin Welcart e-Commerce content-log.php logfile File Read Vulnerability** | | :----: | :-----| | **Chinese name** | WordPress Welcart e-Commerce 插件 content-log.php 文件 logfile 参数文件读取漏洞 | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [body=\"wp-content/plugins/usc-e-shop\"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL3VzYy1lLXNob3Ai) | | **Number of assets affected** | 5453 | | **Description** | Welcart is a free e-commerce plugin for WordPress with top market share in Japan. An arbitrary file read vulnerability exists in Welcart e-Commerce < 2.8.5, and attackers can exploit this vulnerability to obtain sensitive files. | | **Impact** | Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website. 
| ![](https://s3.bmp.ovh/imgs/2023/05/12/2474ac119a44c003.gif) ## secnet Intelligent Router actpt_5g.data Infoleakage | **Vulnerability** | **secnet Intelligent Router actpt_5g.data Infoleakage** | | :----: | :-----| | **Chinese name** | secnet-智能路由系统 actpt_5g.data 信息泄露 | | **CVSS core** | 7.5 | | **FOFA Query** (click to view the results directly)| [title=\"安网-智能路由系统\" \|\| title==\"智能路由系统\" \|\| title=\"安网科技-智能路由系统\" \|\| banner=\"HTTPD_ac 1.0\" \|\| header=\"HTTPD_ac 1.0\"](https://en.fofa.info/result?qbase64=dGl0bGU9IuWuiee9kS3mmbrog73ot6%2FnlLHns7vnu58iIHx8IHRpdGxlPT0i5pm66IO96Lev55Sx57O757ufIiB8fCB0aXRsZT0i5a6J572R56eR5oqALeaZuuiDvei3r%2BeUseezu%2Be7nyIgfHwgYmFubmVyPSJIVFRQRF9hYyAxLjAiIHx8IGhlYWRlcj0iSFRUUERfYWMgMS4wIg%3D%3D) | | **Number of assets affected** | 71768 | | **Description** | secnet Intelligent AC management system is the wireless AP management system of Guangzhou Secure Network Communication Technology Co., LTD. ("Secure Network Communication" for short). The secnet intelligent AC management system has an information disclosure vulnerability, which can be used by attackers to obtain sensitive information. | | **Impact** | An attacker can use this vulnerability to obtain the WEB login account and password of the AC intelligent routing system and obtain the WEB administrator permission. As a result, sensitive information is leaked. | ![](https://s3.bmp.ovh/imgs/2023/05/12/f8eebf0ce38f975b.gif) ## SQL injection exists on Lotus ERP DictionaryEdit.aspx pag | **Vulnerability** | **SQL injection exists on Lotus ERP DictionaryEdit.aspx pag** | | :----: | :-----| | **Chinese name** | 商混ERP系统 DictionaryEdit.aspx 页面存在SQL注入 | | **CVSS core** | 8.5 | | **FOFA Query** (click to view the results directly)| [title="商混ERP系统"](https://en.fofa.info/result?qbase64=dGl0bGU9IuWVhua3t0VSUOezu%2Be7nyI%3D) | | **Number of assets affected** | 616 | | **Description** | Hangzhou Lotus Software Co., Ltd. developed the commercial ERP system. 
This system mainly deals with the management of the mixing station of the construction company or various projects, including the sales module, production management module, laboratory module, personnel management, etc. An error-based SQL injection vulnerability exists in the dict_key parameter of /Sys/DictionaryEdit.aspx in the company's commercial concrete ERP system, which allows attackers to obtain database permissions. | | **Impact** | In addition to taking advantage of SQL injection vulnerabilities to obtain information in the database (for example, administrator background password, site user personal information), attackers can even write Trojan horses to the server under high permissions to further obtain server system permissions. | ![](https://s3.bmp.ovh/imgs/2023/05/12/7fe36b3b6ee2d967.gif) ## V2Board admin.php Permission Bypass Vulnerability | **Vulnerability** | **V2Board admin.php Permission Bypass Vulnerability** | | :----: | :-----| | **Chinese name** | V2Board admin.php 越权访问漏洞 | | **CVSS core** | 8.0 | | **FOFA Query** (click to view the results directly)| [body="/theme/v2board/assets/umi.js"](https://en.fofa.info/result?qbase64=Ym9keT0iL3RoZW1lL3YyYm9hcmQvYXNzZXRzL3VtaS5qcyI%3D) | | **Number of assets affected** | 13299 | | **Description** | V2Board is a stable, simple, fast and easy to use multi-agent protocol management system. V2Board v1.6.1 has an unauthorized access vulnerability. The authentication method is changed to obtain the cache from Redis to determine whether there is an interface that can be called. As a result, any user can call the interface with administrator privileges to obtain background privileges. | | **Impact** | Due to the lack of strict checks and restrictions on the user's access to the role, the current account can perform related operations on other accounts, such as viewing and modifying. 
|

## ZyXEL routers Export_Log arbitrary file read

| **Vulnerability** | **ZyXEL routers Export_Log arbitrary file read** |
| :----: | :-----|
| **Chinese name** | ZyXEL 路由器 Export_Log 任意文件读取 |
| **CVSS core** | 8.0 |
| **FOFA Query** (click to view the results directly)| [(title=".:: Welcome to the Web-Based Configuration::." && body="ZyXEL") \|\| (title="Welcome to the Web-Based Configurator" && (body="/zycss.css" \|\| body="zyxel")) \|\| title="do Router ZyXEL" \|\| title="Welcome to ZyROUTER" \|\| title="ZyXEL Router" \|\| body="\<friendlyName\>ZyXEL Router\</friendlyName\>" \|\| banner="ZyXEL-router"](https://en.fofa.info/result?qbase64=KHRpdGxlPSIuOjogV2VsY29tZSB0byB0aGUgV2ViLUJhc2VkIENvbmZpZ3VyYXRpb246Oi4iICYmIGJvZHk9Ilp5WEVMIikgfHwgKHRpdGxlPSJXZWxjb21lIHRvIHRoZSBXZWItQmFzZWQgQ29uZmlndXJhdG9yIiAmJiAoYm9keT0iL3p5Y3NzLmNzcyIgfHwgYm9keT0ienl4ZWwiKSkgfHwgdGl0bGU9ImRvIFJvdXRlciBaeVhFTCIgfHwgdGl0bGU9IldlbGNvbWUgdG8gWnlST1VURVIiIHx8IHRpdGxlPSJaeVhFTCBSb3V0ZXIiIHx8IGJvZHk9IjxmcmllbmRseU5hbWU%2BWnlYRUwgUm91dGVyPC9mcmllbmRseU5hbWU%2BIiB8fCBiYW5uZXI9Ilp5WEVMLXJvdXRlciIK) |
| **Number of assets affected** | 733803 |
| **Description** | ZyXEL routers are various router products of ZyXEL company. Several ZyXEL routers have an arbitrary file read vulnerability in /Export_Log. |
| **Impact** | Several ZyXEL routers have an arbitrary file read vulnerability in /Export_Log. |

![](https://s3.bmp.ovh/imgs/2023/05/12/3909e1c09af8eb25.gif)

## ZXHN H108NS Router tools_admin.asp Permission Bypass Vulnerability

| **Vulnerability** | **ZXHN H108NS Router tools_admin.asp Permission Bypass Vulnerability** |
| :----: | :-----|
| **Chinese name** | 中兴 H108NS 路由器 tools_admin.asp 文件权限绕过漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [banner=\"Basic realm=\\\"H108NS\\\"\" \|\| header=\"Basic realm=\\\"H108NS\\\"\"](https://en.fofa.info/result?qbase64=YmFubmVyPSJCYXNpYyByZWFsbT1cIkgxMDhOU1wiIiB8fCBoZWFkZXI9IkJhc2ljIHJlYWxtPVwiSDEwOE5TXCIi) |
| **Number of assets affected** | 8245 |
| **Description** | ZTE H108NS router is a router product that integrates WiFi management, route allocation, dynamic access to Internet connections and other functions. The ZTE H108NS router has an identity authentication bypass vulnerability. An attacker can use this vulnerability to bypass identity authentication, access the router's management panel, modify the administrator password and obtain sensitive user information. |
| **Impact** | An attacker can use this vulnerability to bypass identity authentication, access the management panel of the router, modify the administrator password and obtain sensitive user information. |

![](https://s3.bmp.ovh/imgs/2023/04/27/79bd32a6c7ab12b2.gif)

## ezOFFICE OA OfficeServer.jsp Arbitrarily File Upload Vulnerability

| **Vulnerability** | **ezOFFICE OA OfficeServer.jsp Arbitrarily File Upload Vulnerability** |
| :----: | :-----|
| **Chinese name** | 万户 OA OfficeServer.jsp 任意文件上传漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [(banner=\"OASESSIONID\" && banner=\"/defaultroot/\") \|\| (header=\"OASESSIONID\" && header=\"/defaultroot/\")\|\|body=\"/defaultroot/themes/common/common.css\"\|\|body=\"ezofficeDomainAccount\"\|\|title=\"Wanhu ezOFFICE\" \|\| title=\"万户ezOFFICE\"](https://en.fofa.info/result?qbase64=KGJhbm5lcj0iT0FTRVNTSU9OSUQiICYmIGJhbm5lcj0iL2RlZmF1bHRyb290LyIpIHx8IChoZWFkZXI9Ik9BU0VTU0lPTklEIiAmJiBoZWFkZXI9Ii9kZWZhdWx0cm9vdC8iKXx8Ym9keT0iL2RlZmF1bHRyb290L3RoZW1lcy9jb21tb24vY29tbW9uLmNzcyJ8fGJvZHk9ImV6b2ZmaWNlRG9tYWluQWNjb3VudCJ8fHRpdGxlPSJXYW5odSBlek9GRklDRSIgfHwgdGl0bGU9IuS4h%2BaIt2V6T0ZGSUNFIg%3D%3D) |
| **Number of assets affected** | 4715 |
| **Description** | ezOFFICE OA is a FlexOffice independent security cooperative office platform for government organizations, enterprises and institutions. ezOFFICE OA OfficeServer.jsp has an arbitrary file upload vulnerability, through which an attacker can upload arbitrary files to control the entire server. |
| **Impact** | File upload vulnerabilities are usually caused by lax filtering of uploaded files in the file upload function, or by unpatched parsing vulnerabilities in the web server. Attackers can upload arbitrary files through the file upload point, including a website backdoor file (webshell), to control the entire website. |

![](https://s3.bmp.ovh/imgs/2023/04/27/4287e0695068b5fe.gif)

## seaflysoft ERP getylist_login.do SQL Injection

| **Vulnerability** | **seaflysoft ERP getylist_login.do SQL Injection** |
| :----: | :-----|
| **Chinese name** | 海翔云平台 getylist_login.do SQL 注入漏洞 |
| **CVSS core** | 8.0 |
| **FOFA Query** (click to view the results directly)| [body=\"checkMacWaitingSecond\"](https://en.fofa.info/result?qbase64=Ym9keT0iY2hlY2tNYWNXYWl0aW5nU2Vjb25kIg%3D%3D) |
| **Number of assets affected** | 773 |
| **Description** | The seaflysoft cloud platform is a one-stop overall solution provider whose business covers ERP solutions for the wholesale, chain and retail industries, WMS warehousing solutions, e-commerce, field work, and mobile terminal (PDA, app, mini program) solutions. There is a SQL injection vulnerability in the system's getylist_login.do, through which an attacker can obtain database permissions. |
| **Impact** | In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password or the personal information of the site's users), an attacker with high privileges can even write a Trojan horse to the server to further obtain server system permissions. |

![](https://s3.bmp.ovh/imgs/2023/05/12/416d432cd922426c.gif)

## MCMS list Interface sqlWhere Sql Injection Vulnerability

| **Vulnerability** | **MCMS list Interface sqlWhere Sql Injection Vulnerability** |
| :----: | :-----|
| **Chinese name** | 铭飞 CMS list 接口 sqlWhere 参数 sql 注入漏洞 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [body=\"铭飞MCMS\" \|\| body=\"/mdiy/formData/save.do\" \|\| body=\"static/plugins/ms/1.0.0/ms.js\"](https://en.fofa.info/result?qbase64=Ym9keT0i6ZOt6aOeTUNNUyIgfHwgYm9keT0iL21kaXkvZm9ybURhdGEvc2F2ZS5kbyIgfHwgYm9keT0ic3RhdGljL3BsdWdpbnMvbXMvMS4wLjAvbXMuanMi) |
| **Number of assets affected** | 3091 |
| **Description** | MCMS is a lightweight open source content management system developed in Java. It is simple, safe, open source and free. It can run on Linux, Windows, MacOSX, Solaris and other platforms. The system has an SQL injection vulnerability before version 5.2.10, which can be used to obtain sensitive information. |
| **Impact** | In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password or the personal information of the site's users), an attacker with high privileges can even write a Trojan horse to the server to further obtain server system permissions. |

![](https://s3.bmp.ovh/imgs/2023/05/04/9119224cdf0a37f4.gif)

## WordPress booking-calendar admin-ajax.php File Upload (CVE-2022-3982)

| **Vulnerability** | **WordPress booking-calendar admin-ajax.php File Upload (CVE-2022-3982)** |
| :----: | :-----|
| **Chinese name** | WordPress booking-calendar 插件 admin-ajax.php 任意文件上传漏洞(CVE-2022-3982) |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body=\"wp-content/plugins/booking-calendar/\"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL2Jvb2tpbmctY2FsZW5kYXIvIg%3D%3D) |
| **Number of assets affected** | 1074 |
| **Description** | WordPress booking-calendar is a plugin for creating booking system scheduling calendars for WordPress sites. WordPress Plugin Booking Calendar versions before 3.2.2 have a code problem vulnerability. The vulnerability stems from the fact that the plugin does not verify uploaded files and allows unauthenticated users to upload arbitrary files. Attackers can exploit this vulnerability to achieve RCE. |
| **Impact** | WordPress Plugin Booking Calendar versions before 3.2.2 have a code problem vulnerability. The vulnerability stems from the fact that the plugin does not verify uploaded files and allows unauthenticated users to upload arbitrary files. Attackers can exploit this vulnerability to achieve RCE.
|

## Weblogic ForeignOpaqueReference Remote Code Execution Vulnerability (CVE-2023-21979)

| **Vulnerability** | **Weblogic ForeignOpaqueReference Remote Code Execution Vulnerability (CVE-2023-21979)** |
| :----: | :-----|
| **Chinese name** | Weblogic ForeignOpaqueReference 反序列化远程代码执行漏洞(CVE-2023-21979) |
| **CVSS core** | 7.5 |
| **FOFA Query** | (body="Welcome to WebLogic Server") \|\| (title=="Error 404--Not Found") \|\| (((body="\BEA WebLogic Server" \|\| server="Weblogic" \|\| body="content=\"WebLogic Server" \|\| body="\Welcome to Weblogic Application" \|\| body="\BEA WebLogic Server") && header!="couchdb" && header!="boa" && header!="RouterOS" && header!="X-Generator: Drupal") \|\| (banner="Weblogic" && banner!="couchdb" && banner!="drupal" && banner!=" Apache,Tomcat,Jboss" && banner!="ReeCam IP Camera" && banner!="\Blog Comments")) \|\| (port="7001" && protocol=="weblogic") |
| **Number of assets affected** | 126908 |
| **Description** | WebLogic Server is one of the application server components applicable to cloud and traditional environments. WebLogic has a remote code execution vulnerability, which allows an unauthenticated attacker to access and destroy the vulnerable WebLogic Server through the IIOP protocol network. A successful exploitation of the vulnerability can cause the WebLogic Server to be taken over by the attacker, resulting in remote code execution. |
| **Impact** | WebLogic has a remote code execution vulnerability, which allows an unauthenticated attacker to access and destroy the vulnerable WebLogic Server through the IIOP protocol network. A successful exploitation of the vulnerability can cause the WebLogic Server to be taken over by the attacker, resulting in remote code execution. |

![](https://s3.bmp.ovh/imgs/2023/04/21/4471db3f7b0147fa.gif)

## Weblogic LinkRef Deserialization Remote Code Execution Vulnerability (CVE-2023-21931)

| **Vulnerability** | **Weblogic LinkRef Deserialization Remote Code Execution Vulnerability (CVE-2023-21931)** |
| :----: | :-----|
| **Chinese name** | Weblogic LinkRef 反序列化远程代码执行漏洞(CVE-2023-21931) |
| **CVSS core** | 7.5 |
| **FOFA Query** | (body="Welcome to WebLogic Server") \|\| (title=="Error 404--Not Found") \|\| (((body="\BEA WebLogic Server" \|\| server="Weblogic" \|\| body="content=\"WebLogic Server" \|\| body="\Welcome to Weblogic Application" \|\| body="\BEA WebLogic Server") && header!="couchdb" && header!="boa" && header!="RouterOS" && header!="X-Generator: Drupal") \|\| (banner="Weblogic" && banner!="couchdb" && banner!="drupal" && banner!=" Apache,Tomcat,Jboss" && banner!="ReeCam IP Camera" && banner!="\Blog Comments")) \|\| (port="7001" && protocol=="weblogic") |
| **Number of assets affected** | 127237 |
| **Description** | WebLogic Server is one of the application server components for cloud and traditional environments. There is a remote code execution vulnerability in WebLogic, which allows an unauthenticated attacker to access and damage the vulnerable WebLogic Server through the IIOP protocol network. Successful exploitation of the vulnerability can lead to WebLogic Server being taken over by the attacker, resulting in remote code execution. |
| **Impact** | There is a remote code execution vulnerability in WebLogic, which allows an unauthenticated attacker to access and damage the vulnerable WebLogic Server through the IIOP protocol network. Successful exploitation of the vulnerability can lead to WebLogic Server being taken over by the attacker, resulting in remote code execution. |

![](https://s3.bmp.ovh/imgs/2023/04/19/564df1e41195fca2.gif)

## Apache CouchDB Unauthenticated Remote Code Execution Vulnerability (CVE-2022-24706)

| **Vulnerability** | **Apache CouchDB Unauthenticated Remote Code Execution Vulnerability (CVE-2022-24706)** |
| :----: | :-----|
| **Chinese name** | Apache CouchDB 未认证远程代码执行漏洞 (CVE-2022-24706) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [banner=\"name couchdb at\"](https://en.fofa.info/result?qbase64=YmFubmVyPSJuYW1lIGNvdWNoZGIgYXQi) |
| **Number of assets affected** | 2817 |
| **Description** | Apache CouchDB is a document-oriented database system developed by the Apache Foundation using Erlang. An access control error vulnerability existed prior to Apache CouchDB 3.2.2 that stemmed from the ability of an attacker to access an incorrect default installation and gain administrator privileges without authenticating. |
| **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |

![](https://s3.bmp.ovh/imgs/2023/04/17/66ab3b4f04224398.gif)

## ThinkPHP Debug Mode Log Information Disclosure Vulnerability

| **Vulnerability** | **ThinkPHP Debug Mode Log Information Disclosure Vulnerability** |
| :----: | :-----|
| **Chinese name** | ThinkPHP Debug 模式日志信息泄露漏洞 |
| **CVSS core** | 5.0 |
| **FOFA Query** (click to view the results directly)| [(((header=\"thinkphp\" \|\| header=\"think_template\") && header!=\"couchdb\" && header!=\"St: upnp:rootdevice\") \|\| body=\"href=\\\"http://www.thinkphp.cn\\\">ThinkPHP\\\" \|\| ((banner=\"thinkphp\" \|\| banner=\"think_template\") && banner!=\"couchdb\" && banner!=\"St: upnp:rootdevice\") \|\| (body=\"ThinkPHP\" && body=\"internal function\"))](https://en.fofa.info/result?qbase64=KCgoaGVhZGVyPSJ0aGlua3BocCIgfHwgaGVhZGVyPSJ0aGlua190ZW1wbGF0ZSIpICYmIGhlYWRlciE9ImNvdWNoZGIiICYmIGhlYWRlciE9IlN0OiB1cG5wOnJvb3RkZXZpY2UiKSB8fCBib2R5PSJocmVmPVwiaHR0cDovL3d3dy50aGlua3BocC5jblwiPlRoaW5rUEhQPC9hID48c3VwPiIgfHwgKChiYW5uZXI9InRoaW5rcGhwIiB8fCBiYW5uZXI9InRoaW5rX3RlbXBsYXRlIikgJiYgYmFubmVyIT0iY291Y2hkYiIgJiYgYmFubmVyIT0iU3Q6IHVwbnA6cm9vdGRldmljZSIpIHx8IChib2R5PSJUaGlua1BIUCIgJiYgYm9keT0iaW50ZXJuYWwgZnVuY3Rpb24iKSk%3D) |
| **Number of assets affected** | 680923 |
| **Description** | env configuration leakage: An attacker can fetch the env configuration file in Laravel framework 5.5.21 and earlier. CVE-2018-15133: In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack. When exploiting CVE-2018-15133, you need to input a URL path that supports the POST method. |
| **Impact** | Laravel env configuration leakage |

![](https://s3.bmp.ovh/imgs/2023/04/21/a15d8379c113c7b6.gif)

## Laravel env configuration leakage

| **Vulnerability** | **Laravel env configuration leakage** |
| :----: | :-----|
| **Chinese name** | Laravel 环境配置 信息泄露漏洞(CVE-2018-15133) |
| **CVSS core** | 8.1 |
| **FOFA Query** (click to view the results directly)| [(header=\"laravel_session\")](https://en.fofa.info/result?qbase64=KGhlYWRlcj0ibGFyYXZlbF9zZXNzaW9uIik%3D) |
| **Number of assets affected** | 1150688 |
| **Description** | env configuration leakage: An attacker can fetch the env configuration file in Laravel framework 5.5.21 and earlier. CVE-2018-15133: In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack. When exploiting CVE-2018-15133, you need to input a URL path that supports the POST method. |
| **Impact** | Laravel env configuration leakage |

## Nostromo nhttpd RCE (CVE-2019-16278)

| **Vulnerability** | **Nostromo nhttpd RCE (CVE-2019-16278)** |
| :----: | :-----|
| **Chinese name** | Nostromo nhttpd远程代码执行漏洞(CVE-2019-16278) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [(header=\"Server: nostromo\" \|\| banner=\"Server: nostromo \")](https://en.fofa.info/result?qbase64=KGhlYWRlcj0iU2VydmVyOiBub3N0cm9tbyIgfHwgYmFubmVyPSJTZXJ2ZXI6IG5vc3Ryb21vICIp) |
| **Number of assets affected** | 3737 |
| **Description** | Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. |
| **Impact** | Nostromo nhttpd RCE (CVE-2019-16278) |

![](https://s3.bmp.ovh/imgs/2023/04/21/5cc3d5eeb458b766.gif)

## Kibana Unauthorized RCE (CVE-2019-7609)

| **Vulnerability** | **Kibana Unauthorized RCE (CVE-2019-7609)** |
| :----: | :-----|
| **Chinese name** | Kibana 远程代码执行漏洞(CVE-2019-7609) |
| **CVSS core** | 6.0 |
| **FOFA Query** (click to view the results directly)| [(title=\"Kibana\" \|\| body=\"kbnVersion\" \|\| (header=\"Kbn-Name: kibana\" && header=\"Kbn-Version\") \|\| (body=\"kibana_dashboard_only_user\" && header=\"Kbn-Name\") \|\| (banner=\"Kbn-Name: kibana\" && banner=\"Kbn-Version\")) \|\| (title=\"Kibana\" \|\| body=\"kbnVersion\" \|\| (header=\"Kbn-Name: kibana\" && header=\"Kbn-Version\") \|\| (body=\"kibana_dashboard_only_user\" && header=\"Kbn-Name\") \|\| (banner=\"Kbn-Name: kibana\" && banner=\"Kbn-Version\"))](https://en.fofa.info/result?qbase64=KHRpdGxlPSJLaWJhbmEiIHx8IGJvZHk9ImtiblZlcnNpb24iIHx8IChoZWFkZXI9Iktibi1OYW1lOiBraWJhbmEiICYmIGhlYWRlcj0iS2JuLVZlcnNpb24iKSB8fCAoYm9keT0ia2liYW5hX2Rhc2hib2FyZF9vbmx5X3VzZXIiICYmIGhlYWRlcj0iS2JuLU5hbWUiKSB8fCAoYmFubmVyPSJLYm4tTmFtZToga2liYW5hIiAmJiBiYW5uZXI9Iktibi1WZXJzaW9uIikpIHx8ICh0aXRsZT0iS2liYW5hIiB8fCBib2R5PSJrYm5WZXJzaW9uIiB8fCAoaGVhZGVyPSJLYm4tTmFtZToga2liYW5hIiAmJiBoZWFkZXI9Iktibi1WZXJzaW9uIikgfHwgKGJvZHk9ImtpYmFuYV9kYXNoYm9hcmRfb25seV91c2VyIiAmJiBoZWFkZXI9Iktibi1OYW1lIikgfHwgKGJhbm5lcj0iS2JuLU5hbWU6IGtpYmFuYSIgJiYgYmFubmVyPSJLYm4tVmVyc2lvbiIpKQ%3D%3D) |
| **Number of assets affected** | 75087 |
| **Description** | By exploiting the vulnerability, the attacker can send requests to Kibana that use a JavaScript prototype chain pollution attack in the timelion component, so as to take over the server and execute arbitrary commands on it. |
| **Impact** | Kibana Unauthorized RCE (CVE-2019-7609) |

## MCMS Shiro Deserialization Vulnerability (CVE-2022-22928)

| **Vulnerability** | **MCMS Shiro Deserialization Vulnerability (CVE-2022-22928)** |
| :----: | :-----|
| **Chinese name** | 铭飞 MCMS shiro 反序列化漏洞(CVE-2022-22928) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body=\"铭飞Mcms\" \|\| title=\"铭飞Mcms\"](https://en.fofa.info/result?qbase64=Ym9keT0i6ZOt6aOeTWNtcyIgfHwgdGl0bGU9IumTremjnk1jbXMi) |
| **Number of assets affected** | 295 |
| **Description** | Mingfei Mcms is a complete open source J2EE system of Mingfei Technology Co., Ltd. Mingfei Mcms V5 2.2 and earlier versions contain a security vulnerability, which stems from a hard-coded Shiro key in the software that allows attackers to use the key to execute arbitrary code. |
| **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.
|

![](https://s3.bmp.ovh/imgs/2023/04/12/6e4ebece1945ba6f.gif)

## GoAnywhere MFT Deserialization Vulnerability (CVE-2023-0669)

| **Vulnerability** | **GoAnywhere MFT Deserialization Vulnerability (CVE-2023-0669)** |
| :----: | :-----|
| **Chinese name** | GoAnywhere MFT 反序列化漏洞(CVE-2023-0669) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [banner=\".goanywhere.com\" \|\| title=\"GoAnywhere\"](https://en.fofa.info/result?qbase64=YmFubmVyPSIuZ29hbnl3aGVyZS5jb20iIHx8IHRpdGxlPSJHb0FueXdoZXJlIg%3D%3D) |
| **Number of assets affected** | 4399 |
| **Description** | GoAnywhere MFT is a solution for managing file transfer, which simplifies data exchange between systems, employees, customers and trading partners. It provides centralized control through extensive security settings, detailed audit trails, and helps to process information in files into XML, EDI, CSV, and JSON databases. There is a Java deserialization vulnerability in GoAnywhere MFT. An attacker can use this vulnerability to execute arbitrary code, execute commands on the server, inject in-memory webshells, etc., and obtain server privileges. |
| **Impact** | There is a Java deserialization vulnerability in GoAnywhere MFT. An attacker can use this vulnerability to execute arbitrary code, execute commands on the server, inject in-memory webshells, etc., and obtain server privileges. |

![](https://s3.bmp.ovh/imgs/2023/04/12/a8aaa327c8938de6.gif)

## ZOHO ManageEngine Password Manager Pro RCE (CVE-2022-35405)

| **Vulnerability** | **ZOHO ManageEngine Password Manager Pro RCE (CVE-2022-35405)** |
| :----: | :-----|
| **Chinese name** | ZOHO ManageEngine Password Manager Pro 远程代码执行漏洞(CVE-2022-35405) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [banner=\"Server: PMP\" \|\| header=\"Server: PMP\" \|\| banner=\"Set-Cookie: pmpcc=\" \|\| header=\"Set-Cookie: pmpcc=\" \|\| title=\"ManageEngine Password Manager Pro\"](https://en.fofa.info/result?qbase64=YmFubmVyPSJTZXJ2ZXI6IFBNUCIgfHwgaGVhZGVyPSJTZXJ2ZXI6IFBNUCIgfHwgYmFubmVyPSJTZXQtQ29va2llOiBwbXBjYz0iIHx8IGhlYWRlcj0iU2V0LUNvb2tpZTogcG1wY2M9IiB8fCB0aXRsZT0iTWFuYWdlRW5naW5lIFBhc3N3b3JkIE1hbmFnZXIgUHJvIg%3D%3D) |
| **Number of assets affected** | 672 |
| **Description** | ZOHO ManageEngine Password Manager Pro is a password manager from the American company ZOHO. ZOHO ManageEngine Password Manager Pro versions prior to 12101 and PAM360 prior to 5510 have security vulnerabilities that let attackers execute arbitrary commands to gain server privileges. |
| **Impact** | ZOHO ManageEngine Password Manager Pro versions prior to 12101 and PAM360 prior to 5510 have security vulnerabilities that let attackers execute arbitrary commands to gain server privileges. |

![](https://s3.bmp.ovh/imgs/2023/04/12/8c05d22e66e4bd93.gif)

## WordPress plugin Metform forms Information Disclosure (CVE-2022-1442)

| **Vulnerability** | **WordPress plugin Metform forms Information Disclosure (CVE-2022-1442)** |
| :----: | :-----|
| **Chinese name** | WordPress Metform 插件 forms 文件信息泄露漏洞(CVE-2022-1442) |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [body=\"wp-content/plugins/metform/\"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL21ldGZvcm0vIg%3D%3D) |
| **Number of assets affected** | 13517 |
| **Description** | WordPress plugin Metform is a secure contact form plugin for WordPress. There is a security vulnerability in the WordPress plugin Metform. The vulnerability is caused by improper access control in the ~/core/forms/action.php file, and attackers can obtain various key information of users. |
| **Impact** | There is a security vulnerability in the WordPress plugin Metform. The vulnerability is caused by improper access control in the ~/core/forms/action.php file, and attackers can obtain various key information of users. |

![](https://s3.bmp.ovh/imgs/2023/04/12/d33ddd786b414472.gif)

## CaiMore Gateway formping file Command Execution Vulnerability

| **Vulnerability** | **CaiMore Gateway formping file Command Execution Vulnerability** |
| :----: | :-----|
| **Chinese name** | 厦门才茂通信科技有限公司网关 formping 文件命令执行漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [banner=\"Basic realm=\\\"CaiMore\" \|\| header=\"Basic realm=\\\"CaiMore\"](https://en.fofa.info/result?qbase64=YmFubmVyPSJCYXNpYyByZWFsbT1cXFwiQ2FpTW9yZSIgfHwgaGVhZGVyPSJCYXNpYyByZWFsbT1cXFwiQ2FpTW9yZSI%3D) |
| **Number of assets affected** | 1265 |
| **Description** | The gateway of Xiamen Caimao Communication Technology Co., Ltd. is designed with an open software architecture. It is an industrial wireless gateway with a metal shell and two Ethernet RJ45 interfaces that uses a 3G/4G/5G wide area network for Internet communication. There is a command execution vulnerability in the formping file of the gateway of Xiamen Caimao Communication Technology Co., Ltd. An attacker can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
| **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |

![](https://s3.bmp.ovh/imgs/2023/04/12/7d6fdb188ac503b5.gif)

## Hikvision iSecure Center springboot Information disclosure vulnerability

| **Vulnerability** | **Hikvision iSecure Center springboot Information disclosure vulnerability** |
| :----: | :-----|
| **Chinese name** | 海康综合安防管理平台系统 springboot 信息泄露漏洞 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [title=\"综合安防管理平台\" && body=\"nginxService/v1/download/InstallRootCert.exe\"](https://en.fofa.info/result?qbase64=dGl0bGU9Iue7vOWQiOWuiemYsueuoeeQhuW5s%2BWPsCIgJiYgYm9keT0ibmdpbnhTZXJ2aWNlL3YxL2Rvd25sb2FkL0luc3RhbGxSb290Q2VydC5leGUi) |
| **Number of assets affected** | 3095 |
| **Description** | Hikvision iSecure Center is an integrated management platform, which can centrally manage the access video monitoring points to achieve unified deployment, configuration, management and scheduling. The framework it uses has a Spring Boot information disclosure vulnerability. An attacker can access the exposed route to obtain information such as environment variables, intranet addresses, and user names in the configuration. |
| **Impact** | Hikvision iSecure Center has a Spring Boot information disclosure vulnerability. An attacker can access and download the heapdump file to obtain sensitive information such as intranet account passwords.
|

![](https://s3.bmp.ovh/imgs/2023/04/13/47c0acd2094e7191.gif)

## Ruiyou Tianyi Application Virtualization System Index.php File Remote Code Execution Vulnerability

| **Vulnerability** | **Ruiyou Tianyi Application Virtualization System Index.php File Remote Code Execution Vulnerability** |
| :----: | :-----|
| **Chinese name** | 瑞友天翼应用虚拟化系统 index.php 文件远程代码执行漏洞 |
| **CVSS core** | 9.3 |
| **FOFA Query** (click to view the results directly)| [body="瑞友应用虚拟化系统" \|\| body="CASMain.XGI?cmd=" \|\| body="瑞友天翼-应用虚拟化系统" \|\| body="DownLoad.XGI?pram="](https://en.fofa.info/result?qbase64=Ym9keT0i55Ge5Y%2BL5bqU55So6Jma5ouf5YyW57O757ufIiB8fCBib2R5PSJDQVNNYWluLlhHST9jbWQ9IiB8fCBib2R5PSLnkZ7lj4vlpKnnv7zvvI3lupTnlKjomZrmi5%2FljJbns7vnu58iIHx8IGJvZHk9IkRvd25Mb2FkLlhHST9wcmFtPSI%3D) |
| **Number of assets affected** | 61711 |
| **Description** | Ruiyou Tianyi Application Virtualization System Remote Code Execution Vulnerability Intelligence (0day) allows attackers to execute arbitrary code through this vulnerability, resulting in the system being attacked and controlled. The Ruiyou Tianyi Application Virtualization System is an application virtualization platform based on server computing architecture. It centrally deploys various user application software to the Ruiyou Tianyi service cluster, and clients can access authorized application software on the server through the WEB, achieving centralized application, remote access, collaborative office, and more. Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
| **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |

![](https://s3.bmp.ovh/imgs/2023/04/11/ad85ca285f103af4.gif)

## Superdata Software V.NET Struts2 Code Execution Vulnerability

| **Vulnerability** | **Superdata Software V.NET Struts2 Code Execution Vulnerability** |
| :----: | :-----|
| **Chinese name** | 速达软件 V.NET home 文件 存在 Struts2 代码执行漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="速达软件技术(广州)有限公司"](https://en.fofa.info/result?qbase64=Ym9keT0i6YCf6L6%2B6L2v5Lu25oqA5pyv77yI5bm%2F5bee77yJ5pyJ6ZmQ5YWs5Y%2B4Ig%3D%3D) |
| **Number of assets affected** | 16627 |
| **Description** | Superdata software management system is a complete set of enterprise business management system, which organically integrates enterprise purchase management, sales management, warehousing management and financial management. It is extremely easy to use and practical, and comprehensively improves enterprise management ability and work efficiency. Many products of superdata software technology (Guangzhou) Co., Ltd. have code execution vulnerabilities. The code does not filter user-controllable parameters, so maliciously constructed statements are passed directly into command and code execution, allowing arbitrary commands or code to be executed through the vulnerability. Attackers can execute arbitrary commands, read and write files, etc. on the server, which is very harmful. |
| **Impact** | Because the code does not filter user-controllable parameters, maliciously constructed statements are passed directly into command and code execution, allowing arbitrary commands or code to be executed through the vulnerability. Attackers can execute arbitrary commands, read and write files, etc. on the server, which is very harmful. |

![](https://s3.bmp.ovh/imgs/2023/04/10/df1506737795d6f4.gif)

## OpenCart So Newsletter Custom Popup 4.0 module email parameter SQL injection vulnerability

| **Vulnerability** | **OpenCart So Newsletter Custom Popup 4.0 module email parameter SQL injection vulnerability** |
| :----: | :-----|
| **Chinese name** | OpenCart So Newsletter Custom Popup 4.0 模块 email 参数 SQL 注入漏洞 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [body="extension/module/so_newletter_custom_popup/newsletter"](https://en.fofa.info/result?qbase64=Ym9keT0iZXh0ZW5zaW9uL21vZHVsZS9zb19uZXdsZXR0ZXJfY3VzdG9tX3BvcHVwL25ld3NsZXR0ZXIi) |
| **Number of assets affected** | 4474 |
| **Description** | The OpenCart Newsletter Custom Popup module is a module for newsletter subscriptions. There is a SQL injection vulnerability in the email parameter of the extension/module/so_newletter_custom_popup/newsletter interface of the Opencart Newsletter Custom Popup 4.0 module due to improper filtering. |
| **Impact** | In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password or the personal information of the site's users), an attacker with high privileges can even write a Trojan horse to the server to further obtain server system permissions. |

![](https://s3.bmp.ovh/imgs/2023/04/12/0092879ad5b9054b.gif)

## WordPress plugin AWP Classifieds SQL injection vulnerability (CVE-2022-3254)

| **Vulnerability** | **WordPress plugin AWP Classifieds SQL injection vulnerability (CVE-2022-3254)** |
| :----: | :-----|
| **Chinese name** | WordPress AWP Classifieds 插件 admin-ajax.php 文件 type 参数SQL注入漏洞(CVE-2022-3254) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/another-wordpress-classifieds"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL2Fub3RoZXItd29yZHByZXNzLWNsYXNzaWZpZWRzIg%3D%3D) |
| **Number of assets affected** | 3526 |
| **Description** | WordPress plugin AWP Classifieds is a leading plug-in that quickly and easily adds classified ads sections to your WordPress website in minutes. WordPress plugin AWP Classifieds has an SQL injection vulnerability prior to 4.3, which is caused by the plugin's inability to escape the type parameter correctly. Attackers can exploit the vulnerability to obtain sensitive information such as user names and passwords. |
| **Impact** | WordPress plugin AWP Classifieds has an SQL injection vulnerability prior to 4.3, which is caused by the plugin's inability to escape the type parameter correctly. Attackers can exploit the vulnerability to obtain sensitive information such as user names and passwords. |

![](https://s3.bmp.ovh/imgs/2023/04/13/812af92728d9dd9a.gif)

## GetSimpleCMS theme-edit.php content Arbitrary code execution vulnerability (CVE-2022-41544)

| **Vulnerability** | **GetSimpleCMS theme-edit.php content Arbitrary code execution vulnerability (CVE-2022-41544)** |
| :----: | :-----|
| **Chinese name** | GetSimpleCMS 内容管理系统 theme-edit.php 文件 content 参数任意代码执行漏洞(CVE-2022-41544) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [(body=\"content=\\\"GetSimple\" \|\| body=\"Powered by GetSimple\")](https://en.fofa.info/result?qbase64=KGJvZHk9ImNvbnRlbnQ9XFxcIkdldFNpbXBsZSIgfHwgYm9keT0iUG93ZXJlZCBieSBHZXRTaW1wbGUiKQ%3D%3D) |
| **Number of assets affected** | 2784 |
| **Description** | GetSimple CMS is a content management system (CMS) written in the PHP language. GetSimple CMS v3.3.16 has a remote code execution (RCE) vulnerability through the edited_file parameter in admin/theme-edit.php. |
| **Impact** | GetSimple CMS v3.3.16 has a remote code execution (RCE) vulnerability through the edited_file parameter in admin/theme-edit.php. |

![](https://s3.bmp.ovh/imgs/2023/04/13/fc08fe3813440052.gif)

## NUUO NVR __debugging_center_utils___.php Command Execution

| **Vulnerability** | **NUUO NVR __debugging_center_utils___.php Command Execution** |
| :----: | :-----|
| **Chinese name** | NUUO NVR 摄像机 __debugging_center_utils___.php 命令执行漏洞 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [title="Network Video Recorder Login"](https://en.fofa.info/result?qbase64=dGl0bGU9Ik5ldHdvcmsgVmlkZW8gUmVjb3JkZXIgTG9naW4i) |
| **Number of assets affected** | 10146 |
| **Description** | The NUUO NVR video storage management device __debugging_center_utils___.php has an unauthorized remote command execution vulnerability. An attacker can execute arbitrary system commands without any permissions, thereby invading the server and obtaining administrator permissions on the server. |
| **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |

![](https://s3.bmp.ovh/imgs/2023/04/07/c18c326c391b4092.gif)

## Grafana welcome Arbitrary File Reading Vulnerability

| **Vulnerability** | **Grafana welcome Arbitrary File Reading Vulnerability** |
| :----: | :-----|
| **Chinese name** | Grafana 网络应用程序平台 welcome 任意文件读取漏洞 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [app="Grafana_Labs-公司产品"](https://en.fofa.info/result?qbase64=YXBwPSJHcmFmYW5hX0xhYnMt5YWs5Y%2B45Lqn5ZOBIg%3D%3D) |
| **Number of assets affected** | 369673 |
| **Description** | Grafana is a cross-platform, open source platform for data visualization web applications. After users configure the connected data source, Grafana can display data graphs and warnings in a Web browser. Unauthorized attackers can exploit this vulnerability and gain access to sensitive server files. |
| **Impact** | Grafana can display graphs and warnings in a Web browser. Unauthorized attackers can exploit this vulnerability and gain access to sensitive server files. |

![](https://s3.bmp.ovh/imgs/2023/04/07/ac7eb471dfe138dc.gif)

## MeterSphere File Read Vulnerability(CVE-2023-25814)

| **Vulnerability** | **MeterSphere File Read Vulnerability(CVE-2023-25814)** |
| :----: | :-----|
| **Chinese name** | MeterSphere 文件读取漏洞(CVE-2023-25814) |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [app="FIT2CLOUD-MeterSphere"](https://en.fofa.info/result?qbase64=YXBwPSJGSVQyQ0xPVUQtTWV0ZXJTcGhlcmUi) |
| **Number of assets affected** | 2552 |
| **Description** | MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing, and is fully compatible with mainstream open source standards such as JMeter and Selenium. MeterSphere has an unauthorized arbitrary file read vulnerability. |
| **Impact** | Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website. |

![](https://s3.bmp.ovh/imgs/2023/04/07/4fd8616dc5a1c81c.gif)

## Yonyou NC com.ufsoft.iufo.jiuqi.JiuQiClientReqDispatch Deserialization Command Execution Vulnerability

| **Vulnerability** | **Yonyou NC com.ufsoft.iufo.jiuqi.JiuQiClientReqDispatch Deserialization Command Execution Vulnerability** |
| :----: | :-----|
| **Chinese name** | 用友NC com.ufsoft.iufo.jiuqi.JiuQiClientReqDispatch 反序列化命令执行漏洞 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [app="Yonyou-UFIDA-NC"](https://en.fofa.info/result?qbase64=YXBwPSJZb255b3UtVUZJREEtTkMi) |
| **Number of assets affected** | 11642 |
| **Description** | PlaySMS is a free and open source SMS gateway software. An input validation error vulnerability existed in PlaySMS versions prior to 1.4.3, which was caused by the program not sanitizing malicious strings. An attacker could exploit this vulnerability to execute arbitrary code.
| | **Impact** | An input validation error vulnerability existed in PlaySMS versions prior to 1.4.3, which was caused by the program not sanitizing malicious strings. An attacker could exploit this vulnerability to execute arbitrary code. | ![](https://s3.bmp.ovh/imgs/2023/04/06/05179a798f7fc68a.gif) ## OneThink category method code execution vulnerabilities | **Vulnerability** | **OneThink category method code execution vulnerabilities** | | :----: | :-----| | **Chinese name** | OneThink 内容管理框架 category 方法代码执行漏洞 | | **CVSS core** | 10.0 | | **FOFA Query** (click to view the results directly)| [(header="ThinkPHP" && title="Onethink") \|\| body="OneThink\" \|\| body="/css/onethink.css"](https://en.fofa.info/result?qbase64=KGhlYWRlcj0iVGhpbmtQSFAiICYmIHRpdGxlPSJPbmV0aGluayIpIHx8IGJvZHk9IjxhIGhyZWY9XFxcImh0dHA6Ly93d3cub25ldGhpbmsuY25cXFwiIHRhcmdldD1cXFwiX2JsYW5rXFxcIj5PbmVUaGluazwvYT4iIHx8IGJvZHk9Ii9jc3Mvb25ldGhpbmsuY3NzIg%3D%3D) | | **Number of assets affected** | 2854 | | **Description** | OneThink is an open source content management framework developed by the ThinkPHP team based on ThinkPHP. There is a SQL injection vulnerability in the category parameter of the front-end home/article/index method of the OneThink system v1 version. An attacker can use the vulnerability to jointly query any template, causing the file to be included, and finally obtain server permissions. | | **Impact** | There is a SQL injection vulnerability in the category parameter of the front-end home/article/index method of the OneThink system v1 version. An attacker can use the vulnerability to jointly query any template, causing the file to be included, and finally obtain server permissions. 
| ![](https://s3.bmp.ovh/imgs/2023/04/07/35c9841dac3ce243.gif) ## wavlink mesh.cgi command execution (CVE-2022-2486) | **Vulnerability** | **wavlink mesh.cgi command execution (CVE-2022-2486)** | | :----: | :-----| | **Chinese name** | wavlink mesh.cgi命令执行漏洞(CVE-2022-2486) | | **CVSS core** | 9.8 | | **FOFA Query** (click to view the results directly)| [body="firstFlage"](https://en.fofa.info/result?qbase64=Ym9keT0iZmlyc3RGbGFnZSI%3D) | | **Number of assets affected** | 3078 | | **Description** | WAVLINK is a router developed by China Ruiyin Technology (WAVLINK) company. The system mesh.cgi file has a command execution vulnerability, and attackers can obtain server privileges through this vulnerability. Including models WN530HG4, WN531G3, WN572HG3, WN535G3, WN575A4, etc. | | **Impact** | Attackers can use this vulnerability to execute system commands to gain server privileges. | ![](https://s3.bmp.ovh/imgs/2023/04/07/a53061701522ba0d.gif) ## WSO2 API Manager save_artifact_ajaxprocessor.jsp XXE Vulnerability (CVE-2020-24589) | **Vulnerability** | **WSO2 API Manager save_artifact_ajaxprocessor.jsp XXE Vulnerability (CVE-2020-24589)** | | :----: | :-----| | **Chinese name** | WSO2 API Manager 系统 save_artifact_ajaxprocessor.jsp XXE 漏洞(CVE-2020-24589) | | **CVSS core** | 9.1 | | **FOFA Query** (click to view the results directly)| [title="WSO2" \|\| header="Server: WSO2 Carbon Server" \|\| banner="Server: WSO2 Carbon Server"](https://en.fofa.info/result?qbase64=dGl0bGU9IldTTzIiIHx8IGhlYWRlcj0iU2VydmVyOiBXU08yIENhcmJvbiBTZXJ2ZXIiIHx8IGJhbm5lcj0iU2VydmVyOiBXU08yIENhcmJvbiBTZXJ2ZXIi) | | **Number of assets affected** | 15231 | | **Description** | WSO2 API Manager is a set of API lifecycle management solutions from WSO2 in the United States. A vulnerability exists in WSO2 API Manager. 
The following products and versions are affected: WSO2 API Manager from version 3.1.0 and API Microgateway version 2.2.0, the attacker can read arbitrary files and detect intranet information, etc. | | **Impact** | A vulnerability exists in WSO2 API Manager. The following products and versions are affected: WSO2 API Manager from version 3.1.0 and API Microgateway version 2.2.0, the attacker can read arbitrary files and detect intranet information, etc. | ![](https://s3.bmp.ovh/imgs/2023/04/07/92ab16512332fe0c.gif) ## Liferay Portal Unauthenticated 7.2.1 RCE (CVE-2020-7961) | **Vulnerability** | **Liferay Portal Unauthenticated 7.2.1 RCE (CVE-2020-7961)** | | :----: | :-----| | **Chinese name** | Liferay Portal 7.2.1 版本 invoke 文件远程代码执行漏洞(CVE-2020-7961)) | | **CVSS core** | 10.0 | | **FOFA Query** (click to view the results directly)| [body="Powered by Liferay Portal" \|\| header="Liferay Portal" \|\| banner="Liferay Portal" \|\| header="guest_language_id=" \|\| banner="guest_language_id=" \|\| body="Liferay.AUI" \|\| body="Liferay.currentURL"](https://en.fofa.info/result?qbase64=Ym9keT0iUG93ZXJlZCBieSBMaWZlcmF5IFBvcnRhbCIgfHwgaGVhZGVyPSJMaWZlcmF5IFBvcnRhbCIgfHwgYmFubmVyPSJMaWZlcmF5IFBvcnRhbCIgfHwgaGVhZGVyPSJndWVzdF9sYW5ndWFnZV9pZD0iIHx8IGJhbm5lcj0iZ3Vlc3RfbGFuZ3VhZ2VfaWQ9IiB8fCBib2R5PSJMaWZlcmF5LkFVSSIgfHwgYm9keT0iTGlmZXJheS5jdXJyZW50VVJMIg%3D%3D) | | **Number of assets affected** | 59885 | | **Description** | Liferay Portal is a set of J2EE-based portal solutions of American Liferay Company. The program uses EJB and JMS and other technologies, and can be used as Web publishing and sharing workspace, enterprise collaboration platform, social network and so on. A code issue vulnerability exists in versions prior to Liferay Portal 7.2.1 CE GA2. A remote attacker could exploit this vulnerability to execute arbitrary code using JSON Web services. | | **Impact** | A code issue vulnerability exists in versions prior to Liferay Portal 7.2.1 CE GA2. 
A remote attacker could exploit this vulnerability to execute arbitrary code using JSON Web services. | ![](https://s3.bmp.ovh/imgs/2023/04/07/a16de9eefef6f8a5.gif) ## Apache ShenYu Admin plugin API Unauth Access Vulnerability (CVE-2022-23944) | **Vulnerability** | **Apache ShenYu Admin plugin API Unauth Access Vulnerability (CVE-2022-23944)** | | :----: | :-----| | **Chinese name** | Apache ShenYu Admin plugin 接口未授权访问漏洞(CVE-2022-23944) | | **CVSS core** | 9.1 | | **FOFA Query** (click to view the results directly)| [body="id=\\\"httpPath\\\" style=\\\"display: none"](https://fofa.info/result?qbase64=Ym9keT0iaWQ9XFxcImh0dHBQYXRoXFxcIiBzdHlsZT1cXFwiZGlzcGxheTogbm9uZSI%3D) | | **Number of assets affected** | 74 | | **Description** | Apache ShenYu is an asynchronous, high-performance, cross-language, reactive API gateway of the Apache Foundation. Apache ShenYu 2.4.0 and 2.4.1 have an access control error vulnerability that stems from users accessing the /plugin api without authentication. | | **Impact** | Apache ShenYu 2.4.0 and 2.4.1 have an access control error vulnerability that stems from users accessing the /plugin api without authentication. 
| ![](https://s3.bmp.ovh/imgs/2023/04/07/7151dc2cc22bed37.gif) ## Microsoft Exchange Server Remote Command Execution Vulnerability (CVE-2021-26857/CVE-2021-26858) | **Vulnerability** | **Microsoft Exchange Server Remote Command Execution Vulnerability (CVE-2021-26857/CVE-2021-26858)** | | :----: | :-----| | **Chinese name** | Microsoft Exchange Server 远程命令执行漏洞(CVE-2021-26857/CVE-2021-26858) | | **CVSS core** | 7.8 | | **FOFA Query** (click to view the results directly)| [banner="Microsoft ESMTP MAIL Service" \|\| banner="Microsoft Exchange Server" \|\| banner="Microsoft Exchange Internet Mail Service" \|\| banner="Microsoft SMTP MAIL" \|\| banner="Microsoft Exchange" \|\| (banner="owa" && banner="Location" && cert!="Technicolor") \|\| banner="Set-Cookie: OutlookSession" \|\| (((header="owa" && (header="Location" \|\| header="X-Owa-Version" \|\| header="Set-Cookie: OWA-COOKIE")) \|\| (body="href=\\\"/owa/auth/" && (title="Outlook" \|\| title="Exchange " \|\| body="var a_sLgn" \|\| body="aria-label=\\\"Outlook Web App\\\" class=\\\"signInImageHeader"))) && header!="WordPress" && body!="wp-content" && body!="wp-includes") \|\| body="\