GobyVuls/CVE-2023-32315.md
Goby a1f4aa29ea
Create CVE-2023-32315.md
add CVE-2023-32315
2023-06-16 21:27:51 +08:00


## Ignite Realtime Openfire Permission Bypass Vulnerability (CVE-2023-32315)
| **Vulnerability** | **Ignite Realtime Openfire Permission Bypass Vulnerability (CVE-2023-32315)** |
| :----: | :-----|
| **Chinese name** | Ignite Realtime Openfire 权限绕过漏洞CVE-2023-32315 |
| **CVSS score** | 7.5 |
| **FOFA Query** (click to view the results directly)| [(body="background: transparent url(images/login_logo.gif) no-repeat" && body="Openfire") \|\| (body="class=\"row justify-content-center\"" && body="\<title>Openfire 管理界面\</title>") \|\| title="Openfire Admin Console" \|\| title="Openfire HTTP Binding Service" \|\| (body="align=\"right\" id=\"jive-loginVersion" && body="Openfire") \|\| title="Открытый огонь Консоль Администрации" \|\| title=="Openfire 管理界面"](https://en.fofa.info/result?qbase64=KGJvZHk9ImJhY2tncm91bmQ6IHRyYW5zcGFyZW50IHVybChpbWFnZXMvbG9naW5fbG9nby5naWYpIG5vLXJlcGVhdCIgJiYgYm9keT0iT3BlbmZpcmUiKSB8fCAoYm9keT0iY2xhc3M9XCJyb3cganVzdGlmeS1jb250ZW50LWNlbnRlclwiIiAmJiBib2R5PSI8dGl0bGU%2BT3BlbmZpcmUg566h55CG55WM6Z2iPC90aXRsZT4iKSB8fCB0aXRsZT0iT3BlbmZpcmUgQWRtaW4gQ29uc29sZSIgfHwgdGl0bGU9Ik9wZW5maXJlIEhUVFAgQmluZGluZyBTZXJ2aWNlIiB8fCAoYm9keT0iYWxpZ249XCJyaWdodFwiIGlkPVwiaml2ZS1sb2dpblZlcnNpb24iICYmIGJvZHk9Ik9wZW5maXJlIikgfHwgdGl0bGU9ItCe0YLQutGA0YvRgtGL0Lkg0L7Qs9C%2B0L3RjCDQmtC%2B0L3RgdC%2B0LvRjCDQkNC00LzQuNC90LjRgdGC0YDQsNGG0LjQuCIgfHwgdGl0bGU9PSJPcGVuZmlyZSDnrqHnkIbnlYzpnaIi) |
| **Number of assets affected** | 49936 |
| **Description** | Apache RocketMQ is a lightweight data processing platform and messaging engine developed by the Apache Software Foundation in the United States. There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function. |
| **Impact** | There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function. |
![](https://s3.bmp.ovh/imgs/2023/06/16/ab6c2f05e446d56a.gif)