mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-06-20 01:40:20 +00:00
1.5 KiB
1.5 KiB
kafka-ui messages remote code execution vulnerability (CVE-2023-52251)
| Vulnerability | kafka-ui messages remote code execution vulnerability (CVE-2023-52251) |
|---|---|
| Chinese name | kafka-ui messages 远程代码执行漏洞(CVE-2023-52251) |
| CVSS core | 8.8 |
| FOFA Query (click to view the results directly) | app="kafka-ui" |
| Number of assets affected | 6503 |
| Description | The kafka-ui project is developed and maintained by Provectus Company and aims to provide Kafka users with a visual management tool to simplify the management and monitoring tasks of Kafka clusters.kafka-ui has a remote code execution vulnerability in the q parameter of /api/clusters/local/topics/{topic}/messages. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then Control the entire web server. |
| Impact | kafka-ui has a remote code execution vulnerability in the q parameter of /api/clusters/local/topics/{topic}/messages. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then Control the entire web server. |
.