GobyVuls/GobyVuls-Document.md

Goby History Update Vulnerability Total Document (Continuously Update)

The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.

Updated document date: March 15, 2024

Apache Kafka Connect remote code execution vulnerability (CVE-2023-25194)

Vulnerability	Apache Kafka Connect remote code execution vulnerability (CVE-2023-25194)
Chinese name	Apache Druid Kafka Connect 远程代码执行漏洞（CVE-2023-25194）
CVSS core	8.8
FOFA Query (click to view the results directly)	app="APACHE-Druid"
Number of assets affected	2935
Description	Apache Druid is an open source distributed data storage and analysis system. It is designed to handle large-scale real-time data and provide fast interactive query and analysis.Apache Druid uses the vulnerable Kafka Connect. An attacker can access the Kafka Connect Worker and create or modify the connector by setting the sasl.jaas.config attribute to a malicious class, which can lead to a JNDI injection vulnerability. This vulnerability can be used Execute code arbitrarily on the server side, write backdoors, obtain server permissions, and then control the entire web server.
Impact	Apache Druid uses the vulnerable Kafka Connect. An attacker can access the Kafka Connect Worker and create or modify the connector by setting the sasl.jaas.config attribute to a malicious class, which can lead to a JNDI injection vulnerability. This vulnerability can be used Execute code arbitrarily on the server side, write backdoors, obtain server permissions, and then control the entire web server.

.

ComfyUI follow_symlinks File Read Vulnerability (CVE-2024-23334)

Vulnerability	ComfyUI follow_symlinks File Read Vulnerability (CVE-2024-23334)
Chinese name	ComfyUI follow_symlinks 文件读取漏洞（CVE-2024-23334）
CVSS core	7.5
FOFA Query (click to view the results directly)	app="ComfyUI"
Number of assets affected	1564
Description	ComfyUI is a powerful, modular stable diffusion GUI, API, and backend. It provides a graphical/node interface for designing and managing stable diffusion pipelines.ComfyUI uses a low version of aiohttp as a web server and configures static routes with the follow_symlinks option enabled, leading to an arbitrary file read vulnerability. The vulnerability allows an attacker to read leaked source code, database configuration files, etc., resulting in a highly insecure web site.
Impact	ComfyUI uses a lower version of the aiohttp component as the web server and configures static routing with the follow_symlinks option enabled, resulting in an arbitrary file reading vulnerability. Attackers can use this vulnerability to read leaked source code, database configuration files, etc., causing the website to be in an extremely unsafe state.

.

WordPress Bricks render_element Remote Code Execution Vulnerability (CVE-2024-25600)

Vulnerability	WordPress Bricks render_element Remote Code Execution Vulnerability (CVE-2024-25600)
Chinese name	WordPress Bricks render_element 远程代码执行漏洞（CVE-2024-25600）
CVSS core	9.8
FOFA Query (click to view the results directly)	app="wordpress-bricks"
Number of assets affected	25433
Description	WordPress Bricks is an innovative, community driven, and visual WordPress website builder that allows you to design unique, high-performance, and scalable websites.WordPress Bricks has a remote code execution vulnerability, which allows attackers to execute code arbitrarily on the server side, write backdoors, gain server privileges, and then control the entire web server.
Impact	WordPress Bricks has a remote code execution vulnerability, which allows attackers to execute code arbitrarily on the server side, write backdoors, gain server privileges, and then control the entire web server.

.

Weblogic ForeignOpaqueReference remote code execution vulnerability (CVE-2024-20931)

Vulnerability	Weblogic ForeignOpaqueReference remote code execution vulnerability (CVE-2024-20931)
Chinese name	Weblogic ForeignOpaqueReference 远程代码执行漏洞（CVE-2024-20931）
CVSS core	9.8
FOFA Query (click to view the results directly)	app="Weblogic_interface_7001"
Number of assets affected	194125
Description	WebLogic Server is one of the application server components suitable for both cloud and traditional environments.WebLogic has a remote code execution vulnerability that allows an unauthenticated attacker to access and destroy a vulnerable WebLogic Server through the IIOP protocol network. Successful exploitation of the vulnerability can cause WebLogic Server to be taken over by an attacker, resulting in remote code execution.
Impact	There is a remote code execution vulnerability in WebLogic, which allows an unauthenticated attacker to access and damage the vulnerable WebLogic Server through the IIOP protocol network. Successful exploitation of the vulnerability can lead to WebLogic Server being taken over by the attacker, resulting in remote code execution.

.

Ivanti Connect Secure and Policy Secure saml20.ws server-side request forgery vulnerability (CVE-2024-21893)

Vulnerability	Ivanti Connect Secure and Policy Secure saml20.ws server-side request forgery vulnerability (CVE-2024-21893)
Chinese name	JIvanti Connect Secure 和 Policy Secure saml20.ws 服务端请求伪造漏洞（CVE-2024-21893）
CVSS core	8.2
FOFA Query (click to view the results directly)	app="PulseSecure-SSL-VPN"
Number of assets affected	399547
Description	Ivanti Connect/Policy Secure is a secure remote network connection tool from the American company Ivanti.Ivanti Connect Secure product saml20.ws has a server-side request forgery vulnerability. An attacker can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state.
Impact	Ivanti Connect Secure product saml20.ws has a server-side request forgery vulnerability. An attacker can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state.

.

Jenkins args4j file read vulnerability (CVE-2024-23897)

Vulnerability	Jenkins args4j file read vulnerability (CVE-2024-23897)
Chinese name	Jenkins args4j 文件读取漏洞（CVE-2024-23897）
CVSS core	9.8
FOFA Query (click to view the results directly)	app="Jenkins"
Number of assets affected	729753
Description	CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by American CloudBees Company. It is mainly used to monitor continuous software version release/test projects and some regularly executed tasks.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state.
Impact	Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state.

.

GoAnywhere MFT InitialAccountSetup.xhtml Bypass Vulnerability (CVE-2024-0204)

Vulnerability	GoAnywhere MFT InitialAccountSetup.xhtml Bypass Vulnerability (CVE-2024-0204)
Chinese name	GoAnywhere MFT InitialAccountSetup.xhtml 绕过漏洞（CVE-2024-0204）
CVSS core	9.8
FOFA Query (click to view the results directly)	app="GoAnywhere-MFT"
Number of assets affected	4468
Description	GoAnywhere MFT (Managed File Transfer) is an enterprise-class file transfer solution provided by HelpSystems, designed to meet the needs of organizations for secure, manageable and automated file transfer.Authentication bypass vulnerability in GoAnywhere MFT before Fortra version 7.4.1. Allows unauthorized users to pretend to be administrators through the management portal, create arbitrary management users, and take over the entire system.
Impact	Authentication bypass vulnerability in GoAnywhere MFT before Fortra version 7.4.1. Allows unauthorized users to pretend to be administrators through the management portal, create arbitrary management users, and take over the entire system.

.

Atlassian Confluence template/aui/text-inline.vm code execution vulnerability (CVE-2023-22527)

Vulnerability	Atlassian Confluence template/aui/text-inline.vm code execution vulnerability (CVE-2023-22527)
Chinese name	Atlassian Confluence template/aui/text-inline.vm 代码执行漏洞（CVE-2023-22527）
CVSS core	10
FOFA Query (click to view the results directly)	app="ATLASSIAN-Confluence"
Number of assets affected	1190821
Description	Atlassian Confluence is an enterprise team collaboration and knowledge management software developed by Atlassian that provides a centralized platform for creating, organizing and sharing your team's documents, knowledge base, project plans and collaborative content.Atlassian Confluence has a remote code execution vulnerability in template/aui/text-inline.vm that could allow an unauthorized attacker to execute arbitrary code on an affected version.
Impact	Atlassian Confluence has a remote code execution vulnerability in template/aui/text-inline.vm that could allow an unauthorized attacker to execute arbitrary code on an affected version.

.

Ivanti Connect Secure and Policy Secure keys-status remote command execution vulnerability (CVE-2023-46805/CVE-2024-21887)

Vulnerability	Ivanti Connect Secure and Policy Secure keys-status remote command execution vulnerability (CVE-2023-46805/CVE-2024-21887)
Chinese name	Ivanti Connect Secure 和 Policy Secure keys-status 远程命令执行漏洞（CVE-2023-46805/CVE-2024-21887）
CVSS core	9.1
FOFA Query (click to view the results directly)	app="Ivanti Connect Secure"
Number of assets affected	154590
Description	Ivanti is a software and information technology services company focused on providing solutions for IT management, security, service management and endpoint management. Ivanti Connect Secure and Ivanti Policy Secure are part of two security solutions from Ivanti for network security and connectivity management.There is a command injection vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x). The authentication bypass vulnerability and the command injection vulnerability can be used to send specially crafted requests and Execute arbitrary commands on the device.
Impact	which utilizes authentication to bypass the vulnerability and in combination with command injection vulnerabilities, can send customized requests and execute arbitrary commands on the device, gain server privileges, and thus control the entire web server.

.

Apache OFBiz webtools/control/ProgramExport remote code execution vulnerability (CVE-2023-51467)

Vulnerability	Apache OFBiz webtools/control/ProgramExport remote code execution vulnerability (CVE-2023-51467)
Chinese name	Apache OFBiz webtools/control/ProgramExport 远程代码执行漏洞（CVE-2023-51467）
CVSS core	9.8
FOFA Query (click to view the results directly)	app="Apache_OFBiz"
Number of assets affected	5912
Description	Apache OFBiz is an open source enterprise resource planning (ERP) system that provides a variety of business functions and modules.Apache OFBiz has a code execution vulnerability in webtools/control/ProgramExport. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.
Impact	Apache OFBiz has a code execution vulnerability in webtools/control/ProgramExport. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.

.

Apache OFBiz webtools/control/xmlrpc Remote Code Execution Vulnerability (CVE-2023-49070)

Vulnerability	Apache OFBiz webtools/control/xmlrpc Remote Code Execution Vulnerability (CVE-2023-49070)
Chinese name	Apache OFBiz webtools/control/xmlrpc 远程代码执行漏洞（CVE-2023-49070）
CVSS core	9.8
FOFA Query (click to view the results directly)	app="Apache_OFBiz"
Number of assets affected	5883
Description	Apache OFBiz is an open source enterprise resource planning (ERP) system that provides a variety of business functions and modules.Apache OFBiz has a deserialization code execution vulnerability in webtools/control/xmlrpc. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.
Impact	Apache OFBiz has a deserialization code execution vulnerability in webtools/control/xmlrpc. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.
.
.

CrushFTP as2-to Authentication Permission bypass Vulnerability (CVE-2023-43177)

Vulnerability	CrushFTP as2-to Authentication Permission bypass Vulnerability (CVE-2023-43177)
Chinese name	CrushFTP as2-to 认证权限绕过漏洞（CVE-2023-43177）
CVSS core	9.8
FOFA Query (click to view the results directly)	app="crushftp-WebInterface"
Number of assets affected	38695
Description	CrushFTP is a powerful file transfer server suitable for secure and efficient file transfer and management for individual or enterprise users.CrashFTP has a permission bypass vulnerability, where attackers can bypass system permission control by constructing malicious as2 to request authentication, achieving arbitrary execution of malicious operations such as file read and delete.
Impact	CrashFTP has a permission bypass vulnerability, where attackers can bypass system permission control by constructing malicious as2 to request authentication, achieving arbitrary execution of malicious operations such as file read and delete.

Splunk Enterprise XSLT Command Execute Vulnerability (CVE-2023-46214)

Vulnerability	Splunk Enterprise XSLT Command Execute Vulnerability (CVE-2023-46214)
Chinese name	Splunk Enterprise XSLT 命令执行漏洞（CVE-2023-46214）
CVSS core	8.0
FOFA Query (click to view the results directly)	app="splunk-Enterprise"
Number of assets affected	134567
Description	Splunk Enterprise is a data collection and analysis software developed by Splunk Corporation in the United States. This software is mainly used for collecting, indexing, and analyzing the data it generates, including data generated by all IT systems and infrastructure (physical, virtual machines, and cloud).Splunk Enterprise has a command execution vulnerability that does not securely clean up user provided Extensible Stylesheet Language Transformations (XSLTs). Attackers can exploit this vulnerability to upload malicious XSLTs and remotely execute commands on Splunk Enterprise instances.
Impact	Splunk Enterprise has a command execution vulnerability that does not securely clean up user provided Extensible Stylesheet Language Transformations (XSLTs). Attackers can exploit this vulnerability to upload malicious XSLTs and remotely execute commands on Splunk Enterprise instances.

SysAid userentry file upload vulnerability (CVE-2023-47246)

Vulnerability	SysAid userentry file upload vulnerability (CVE-2023-47246)
Chinese name	SysAid userentry 文件上传漏洞（CVE-2023-47246）
CVSS core	9.8
FOFA Query (click to view the results directly)	app="SysAid-Help-Desk"
Number of assets affected	1819
Description	SysAid is an information technology (IT) service management and help desk solution designed to help organizations more effectively manage their IT infrastructure, help desk support and user needs. SysAid provides a series of functions, including fault reporting, asset management, problem management, change management, knowledge base, automated workflow, etc., to help enterprises improve the efficiency and quality of IT services.SysAid has a file upload vulnerability in userentry. An attacker can use the file upload vulnerability to execute malicious code, write backdoors, and read sensitive files, which may cause the server to be attacked and controlled.
Impact	SysAid has a file upload vulnerability in userentry. An attacker can use the file upload vulnerability to execute malicious code, write backdoors, and read sensitive files, which may cause the server to be attacked and controlled.

Honeywell PM43 loadfile.lp file command execution vulnerability (CVE-2023-3710)

Vulnerability	Honeywell PM43 loadfile.lp file command execution vulnerability (CVE-2023-3710)
Chinese name	Honeywell PM43 loadfile.lp 文件命令执行漏洞（CVE-2023-3710）
CVSS core	9.8
FOFA Query (click to view the results directly)	app="Honeywell PM43 "
Number of assets affected	96
Description	The Honeywell PM43 is a printer product of the American company Honeywell.Honeywell PM43P10.19.050004 and earlier versions of the input verification error vulnerability, attackers can arbitrarily execute code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.
Impact	Honeywell PM43P10.19.050004 and earlier versions of the input verification error vulnerability, attackers can arbitrarily execute code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.

JetBrains TeamCity remote command execution vulnerability (CVE-2023-42793)

Vulnerability	JetBrains TeamCity remote command execution vulnerability (CVE-2023-42793)
Chinese name	JetBrains TeamCity 远程命令执行漏洞（CVE-2023-42793）
CVSS core	9.8
FOFA Query (click to view the results directly)	app="JET_BRAINS-TeamCity"
Number of assets affected	26963
Description	JetBrains TeamCity is a general CI/CD software platform developed by JetBrains.JetBrains TeamCity can obtain the valid token of the corresponding id user by accessing the /app/rest/users/{{id}}/tokens/RPC2 endpoint. Accessing the restricted endpoint with the admin token will cause remote command execution or the creation of a background administrator user.
Impact	JetBrains TeamCity can obtain the valid token of the corresponding id user by accessing the /app/rest/users/{{id}}/tokens/RPC2 endpoint. Accessing the restricted endpoint with the admin token will cause remote command execution or the creation of a background administrator user.

JeeSpringCloud uploadFile.jsp file upload vulnerability

Vulnerability	JeeSpringCloud uploadFile.jsp file upload vulnerability
Chinese name	JeeSpringCloud uploadFile.jsp 文件上传漏洞
CVSS core	9.8
FOFA Query (click to view the results directly)	app="JeeSpringCloud"
Number of assets affected	282
Description	JeeSpringCloud is a free and open source Java Internet cloud rapid development platform.JeeSpringCloud can upload any file by accessing /static/uploadify/uploadFile.jsp and specify the file upload path through the ?uploadPath parameter, causing the server to be controlled.
Impact	An attacker can use this vulnerability to write a backdoor on the server side, execute code, obtain server permissions, and then control the entire web server.

Atlassian Confluence permission bypass vulnerability (CVE-2023-22515)

Vulnerability	Atlassian Confluence permission bypass vulnerability (CVE-2023-22515)
Chinese name	Atlassian Confluence 权限绕过漏洞（CVE-2023-22515）
CVSS core	10.0
FOFA Query (click to view the results directly)	app="ATLASSIAN-Confluence"
Number of assets affected	97667
Description	Atlassian Confluence is a software developed by Atlassian based on the online enterprise wiki (collaboration software).A vulnerability exists in the Atlassian Confluence data center and server. The /server-info.action endpoint is used to pass the bootstrapStatusProvider.applicationConfig.setupComplete parameter, leaving the server in an incomplete state to access restricted endpoints and create unauthorized Confluence administrator accounts. Log in to the Confluence instance backend.
Impact	A vulnerability exists in the Atlassian Confluence data center and server. The /server-info.action endpoint is used to pass the bootstrapStatusProvider.applicationConfig.setupComplete parameter, leaving the server in an incomplete state to access restricted endpoints and create unauthorized Confluence administrator accounts. Log in to the Confluence instance backend.

Junos webauth_operation.php PHPRC Code Execution Vulnerability (CVE-2023-36845/CVE-2023-36846)

Vulnerability	Junos webauth_operation.php PHPRC Code Execution Vulnerability (CVE-2023-36845/CVE-2023-36846)
Chinese name	Junos webauth_operation.php PHPRC 代码执行漏洞（CVE-2023-36845/CVE-2023-36846）
CVSS core	9.8
FOFA Query (click to view the results directly)	app="JUNIPer-Web-Device-Manager"
Number of assets affected	43627
Description	Junos is a reliable, high-performance network operating system from Juniper Networks.An attacker can use the J-Web service of the Junos operating system to pass in the PHPRC environment variable, turn on the allow_url_include setting, run the incoming encoded PHP code, and gain control of the entire web server.
Impact	Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.

Apache Superset Cookie Permission Bypass Vulnerability (CVE-2023-30776)

Vulnerability	Apache Superset Cookie Permission Bypass Vulnerability (CVE-2023-30776)
Chinese name	Apache Superset Cookie 权限绕过漏洞（CVE-2023-27524）
CVSS core	9.8
FOFA Query (click to view the results directly)	app="APACHE-Superset"
Number of assets affected	56089
Description	Apache Superset is an open source modern data exploration and visualization platform.Apache Superset Cookie has a permission bypass vulnerability that allows an attacker to control the entire system, ultimately leaving the system in an extremely unsafe state.
Impact	Apache Superset Cookie has a permission bypass vulnerability that allows an attacker to control the entire system, ultimately leaving the system in an extremely unsafe state.

Cockpit assetsmanager/upload file upload vulnerability (CVE-2023-1313)

Vulnerability	Cockpit assetsmanager/upload file upload vulnerability (CVE-2023-1313)
Chinese name	Cockpit assetsmanager/upload 文件上传漏洞（CVE-2023-1313）
CVSS core	7.2
FOFA Query (click to view the results directly)	title="Authenticate Please!" || body="password:this.refs.password.value" || body="UIkit.components.formPassword.prototype.defaults.lblShow" || body="App.request('/auth/check'"
Number of assets affected	3185
Description	Cockpit is a self-hosted, flexible and user-friendly headless content platform for creating custom digital experiences.Cockpit has a file upload vulnerability, which allows attackers to upload arbitrary files, leading to server control, etc.
Impact	Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.

Revive Adserver adxmlrpc.php Remote Code Execution Vulnerability (CVE-2019-5434)

Vulnerability	Revive Adserver adxmlrpc.php Remote Code Execution Vulnerability (CVE-2019-5434)
Chinese name	Revive Adserver 广告管理系统 adxmlrpc.php 文件远程代码执行漏洞（CVE-2019-5434）
CVSS core	9.0
FOFA Query (click to view the results directly)	title="Revive Adserver" || body="strPasswordMinLength" || body="Welcome to Revive Adserver"
Number of assets affected	5667
Description	Revive Adserver is an open source advertising management system developed by the Revive Adserver team. The system provides functions such as advertising placement, advertising space management, and data statistics.The delivery XML-RPC script in versions prior to Revive Adserver 4.2.0 has a code problem vulnerability, and an attacker can execute arbitrary code to obtain server permissions.
Impact	The delivery XML-RPC script in versions prior to Revive Adserver 4.2.0 has a code problem vulnerability, and an attacker can execute arbitrary code to obtain server permissions.

Revive Adserver adxmlrpc.php Remote Code Execution Vulnerability (CVE-2019-5434)

Vulnerability	Revive Adserver adxmlrpc.php Remote Code Execution Vulnerability (CVE-2019-5434)
Chinese name	Revive Adserver 广告管理系统 adxmlrpc.php 文件远程代码执行漏洞（CVE-2019-5434）
CVSS core	9.0
FOFA Query (click to view the results directly)	title="Revive Adserver" || body="strPasswordMinLength" || body="Welcome to Revive Adserver"
Number of assets affected	5667
Description	Revive Adserver is an open source advertising management system developed by the Revive Adserver team. The system provides functions such as advertising placement, advertising space management, and data statistics.The delivery XML-RPC script in versions prior to Revive Adserver 4.2.0 has a code problem vulnerability, and an attacker can execute arbitrary code to obtain server permissions.
Impact	The delivery XML-RPC script in versions prior to Revive Adserver 4.2.0 has a code problem vulnerability, and an attacker can execute arbitrary code to obtain server permissions.

Weaver E-office flow_xml.php file SORT_ID parameter SQL injection vulnerability

Vulnerability	Weaver E-office flow_xml.php file SORT_ID parameter SQL injection vulnerability
Chinese name	泛微 E-office flow_xml.php 文件 SORT_ID 参数 SQL 注入漏洞
CVSS core	7.8
FOFA Query (click to view the results directly)	body="href="/eoffice" || body="/eoffice10/client" || body="eoffice_loading_tip" || body="eoffice_init" || header="general/login/index.php" || banner="general/login/index.php" || body="/general/login/view//images/updateLoad.gif" || (body="szFeatures" && body="eoffice") || header="eOffice" || banner="eOffice"
Number of assets affected	21632
Description	Weaver e-office is an OA product for small and medium-sized organizations, developed by Weaver Network Technology Co., LTD.There is an SQL injection vulnerability in flow_xml.php, which can be used by attackers to obtain information in the database (for example, administrator background password, site user personal information).
Impact	An attacker can exploit the SQL injection vulnerability to obtain information from the database (for example, administrator background passwords, site user personal information).

GJP SelectImage.aspx file upload vulnerability

Vulnerability	GJP SelectImage.aspx file upload vulnerability
Chinese name	管家婆订货易在线商城 SelectImage.aspx 文件上传漏洞
CVSS core	9.8
FOFA Query (click to view the results directly)	title="订货易"
Number of assets affected	2617
Description	Renwoxing took the lead in launching the Guanjiapo purchase, sales, inventory and financial integration software for small and medium-sized enterprises.There is a SelectImage.aspx arbitrary file upload vulnerability in the Guanjiapo Ordering Online Mall. An attacker can use this vulnerability to control the entire system, ultimately causing the system to be in an extremely unsafe state.
Impact	An attacker can take control of the entire system through this vulnerability, ultimately leaving the system in an extremely unsafe state.

Junos webauth_operation.php File Upload Vulnerability (CVE-2023-36844)

Vulnerability	Junos webauth_operation.php File Upload Vulnerability (CVE-2023-36844)
Chinese name	Junos webauth_operation.php 文件上传漏洞（CVE-2023-36844）
CVSS core	9.8
FOFA Query (click to view the results directly)	title="Juniper Web Device Manager" || banner="juniper" || header="juniper" || body="svg4everybody/svg4everybody.js" || body="juniper.net/us/en/legal-notices" || body="nativelogin_login_credentials"
Number of assets affected	47518
Description	Junos is a reliable, high-performance network operating system from Juniper Networks.An attacker can use the J-Web service /webauth_operation.php route of the Junos operating system to upload a php webshell, include it through the ?PHPRC parameter, and gain control of the entire web server.
Impact	Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.

Weaver ecology XmlRpcServlet Path File Read Vulnerability

Vulnerability	Weaver ecology XmlRpcServlet Path File Read Vulnerability
Chinese name	泛微 e-cology XmlRpcServlet 接口文件读取漏洞
CVSS core	7.8
FOFA Query (click to view the results directly)	((body="szFeatures" && body="redirectUrl") || (body="rndData" && body="isdx") || (body="typeof poppedWindow" && body="client/jquery.client_wev8.js") || body="/theme/ecology8/jquery/js/zDialog_wev8.js" || body="ecology8/lang/weaver_lang_7_wev8.js" || body="src="/js/jquery/jquery_wev8.js" || (header="Server: WVS" && (title!="404 Not Found" && header!="404 Not Found"))) && header!="testBanCookie" && header!="Couchdb" && header!="JoomlaWor" && body!=""
Number of assets affected	111321
Description	Weaver e-cology is an OA office system specifically designed for large and medium-sized enterprises, supporting simultaneous work on PC, mobile, and WeChat platforms.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.
Impact	Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.

UF U8 Cloud upload.jsp file upload vulnerability

Vulnerability	UF U8 Cloud upload.jsp file upload vulnerability
Chinese name	用友 U8 Cloud upload.jsp 文件上传漏洞
CVSS core	9.8
FOFA Query (click to view the results directly)	body="开启U8 cloud云端之旅"
Number of assets affected	13473
Description	yonyou U8 cloud is a cloud ERP developed by yonyou.There is a file upload vulnerability in yonyou U8 upload.jsp, which can be exploited by attackers to gain server privileges.
Impact	Attackers can use this vulnerability to upload file, execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.

Ruijie EWEB Network Management System flwo.control.php type Arbitrary Command Execution Vulnerability

Vulnerability	Ruijie EWEB Network Management System flwo.control.php type Arbitrary Command Execution Vulnerability
Chinese name	Ruijie-EWEB 网管系统 flwo.control.php 文件 type 参数任意命令执行漏洞
CVSS core	9.8
FOFA Query (click to view the results directly)	(body="<span class="resource" mark="login.copyRight">锐捷网络" && body="login.getDeviceInfo") || title="锐捷网络-EWEB网管系统"
Number of assets affected	11544
Description	Ruijie Network Management System is a new generation of cloud based network management software developed by Beijing Ruijie Data Era Technology Co., Ltd. With the slogan of "Innovative Network Management and Information Security in the Data Age", it is positioned as a unified solution for terminal security, IT operations, and enterprise service-oriented management.Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.
Impact	Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.

Adobe ColdFusion WDDX JGroups remote code execution vulnerability

Vulnerability	Adobe ColdFusion WDDX JGroups remote code execution vulnerability
Chinese name	Adobe ColdFusion WDDX JGroups 远程代码执行漏洞
CVSS core	9.8
FOFA Query (click to view the results directly)	body="/cfajax/" || header="CFTOKEN" || banner="CFTOKEN" || body="ColdFusion.Ajax" || body="" || server="ColdFusion" || title="ColdFusion" || (body="crossdomain.xml" && body="CFIDE") || (body="#000808" && body="#e7e7e7")
Number of assets affected	567468
Description	Adobe Coldfusion is a commercial application server developed by Adobe for web applications.The attacker can send unbelievable serialized data and trigger derivativeization to the Coldfusion server, thereby executing any code.
Impact	The attacker can execute the code at the server through this vulnerability, obtain the server permissions, and then control the entire web server.

Adobe ColdFusion WDDX C3P0 remote code execution vulnerability

Vulnerability	Adobe ColdFusion WDDX C3P0 remote code execution vulnerability
Chinese name	Adobe ColdFusion WDDX C3P0 远程代码执行漏洞
CVSS core	9.8
FOFA Query (click to view the results directly)	body="/cfajax/" || header="CFTOKEN" || banner="CFTOKEN" || body="ColdFusion.Ajax" || body="" || server="ColdFusion" || title="ColdFusion" || (body="crossdomain.xml" && body="CFIDE") || (body="#000808" && body="#e7e7e7")
Number of assets affected	567468
Description	Adobe Coldfusion is a commercial application server developed by Adobe for web applications.The attacker can send unbelievable serialized data and trigger derivativeization to the Coldfusion server, thereby executing any code.
Impact	The attacker can execute the code at the server through this vulnerability, obtain the server permissions, and then control the entire web server.

Dahua Smart Park Integrated Management Platform searchJson SQL injection vulnerability

Vulnerability	Dahua Smart Park Integrated Management Platform searchJson SQL injection vulnerability
Chinese name	大华智慧园区综合管理平台 searchJson SQL 注入漏洞
CVSS core	8.2
FOFA Query (click to view the results directly)	body="src=\"/WPMS/asset/common/js/jsencrypt.min.js'"
Number of assets affected	5415
Description	Dahua Smart Park Integrated Management Platform is a comprehensive management platform for smart parks built to provide security and efficient management of general public buildings. By integrating Dahua’s experience and cutting-edge technologies in the field of security and intelligence, it integrates video, access control, alarm, parking lot, attendance, visitor, video intercom, information release and other business subsystems to provide customers with a set of integrated, efficient, open, flexible and scalable platform software products, forming a comprehensive security solution for the six major areas of "public management, infrastructure, economic development, ecological protection, security, and social services". There is a sql injection vulnerability in the comprehensive management platform of Dahua Smart Park. In addition to using the SQL injection vulnerability to obtain information in the database (for example, administrator background passwords, personal information of site users), attackers can even write Trojan horses into the server under high-privilege conditions to further obtain server system permissions.
Impact	In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.

Dahua Smart Park Integrated Management Platform source/publishing/publishing/material/file/video File Upload Vulnerability

Vulnerability	Dahua Smart Park Integrated Management Platform source/publishing/publishing/material/file/video File Upload Vulnerability
Chinese name	大华智慧园区综合管理平台 source/publishing/publishing/material/file/video 文件上传漏洞
CVSS core	9.8
FOFA Query (click to view the results directly)	body="src=\"/WPMS/asset/common/js/jsencrypt.min.js"
Number of assets affected	5420
Description	Dahua Smart Park Comprehensive Management Platform The smart park comprehensive management platform is built to provide safe and efficient management for common public buildings. By integrating Dahua’s experience and cutting-edge technologies in the field of security and intelligence, it integrates video, access control, alarm, and parking Field, attendance, visitor, video intercom, information release and other business subsystems, providing customers with a set of integrated, efficient, open, flexible and scalable platform software products, forming a "public management, infrastructure, economic development Comprehensive security solutions in the six major areas of , ecological protection, security, and social services. There is a file upload vulnerability in the Dahua Smart Park system /publishing/, which leads to the server being controlled.
Impact	There is a file upload vulnerability in the comprehensive management platform of the smart park of Zhejiang Dahua Technology Co., Ltd. An attacker can use this vulnerability to obtain server permissions by uploading a specific configuration file.

SolarView Compact downloader.php RCE (CVE-2023-23333)

Vulnerability	SolarView Compact downloader.php RCE (CVE-2023-23333)
Chinese name	SolarView Compact downloader.php 任意命令执行漏洞（CVE-2023-23333）
CVSS core	10.0
FOFA Query (click to view the results directly)	body="SolarView Compact"
Number of assets affected	4941
Description	There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
Impact	Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.

EMERSON-XWEB-EVO upload.cgi path Directory Traversal Vulnerability (CVE-2021-45427)

Vulnerability	EMERSON-XWEB-EVO upload.cgi path Directory Traversal Vulnerability (CVE-2021-45427)
Chinese name	EMERSON-XWEB-EVO upload.cgi 文件 path 参数目录遍历漏洞（CVE-2021-45427）
CVSS core	7.5
FOFA Query (click to view the results directly)	body="src=\"img/xweb-logo.png" || body="src=\"/css/images/Logo_XWEB_alpha.png"
Number of assets affected	15849
Description	Emerson XWEB 300D EVO is an energy-saving air conditioner of Emerson Company in the United States. Emerson XWEB 300D EVO 3.0.7 -- 3ee403 has a directory traversal vulnerability (CVE-2021-45427). An attacker may access some secret files including configuration files, logs, source codes, etc. by browsing the directory structure. With the comprehensive utilization of other vulnerabilities, the attacker can easily obtain higher permissions.
Impact	Emerson XWEB 300D EVO is an energy-saving air conditioner of Emerson Company in the United States. Emerson XWEB 300D EVO 3.0.7 -- 3ee403 has a directory traversal vulnerability (CVE-2021-45427). An attacker may access some secret files including configuration files, logs, source codes, etc. by browsing the directory structure. With the comprehensive utilization of other vulnerabilities, the attacker can easily obtain higher permissions.

Acmailer init_ctl.cgi sendmail_path Remote Command Execution Vulnerability (CVE-2021-20617)

Vulnerability	Acmailer init_ctl.cgi sendmail_path Remote Command Execution Vulnerability (CVE-2021-20617)
Chinese name	Acmailer 邮件系统 init_ctl.cgi 文件 sendmail_path 参数远程命令执行漏洞（CVE-2021-20617）
CVSS core	9.0
FOFA Query (click to view the results directly)	body="CGI acmailer"
Number of assets affected	557
Description	Acmailer is a CGI software used to support mail services. Acmailer 4.0.2 and earlier versions have a security vulnerability. The vulnerability is due to the fact that init_ctl.cgi does not strictly verify input parameters, and attackers can execute arbitrary commands to obtain server permissions.
Impact	Acmailer 4.0.2 and earlier versions have a security vulnerability. The vulnerability is due to the fact that init_ctl.cgi does not strictly verify input parameters, and attackers can execute arbitrary commands to obtain server permissions.

Acmailer enq_form.cgi Authentication Bypass Vulnerability (CVE-2021-20618)

Vulnerability	Acmailer enq_form.cgi Authentication Bypass Vulnerability (CVE-2021-20618)
Chinese name	Acmailer 邮件系统 enq_form.cgi 认证绕过漏洞（CVE-2021-20618）
CVSS core	9.0
FOFA Query (click to view the results directly)	body="CGI acmailer"
Number of assets affected	552
Description	Acmailer is a CGI software used to support mail services.Acmailer 4.0.2 and earlier versions have security vulnerabilities, which allow remote attackers to bypass authentication and gain administrative privileges.
Impact	Acmailer 4.0.2 and earlier versions have security vulnerabilities, which allow remote attackers to bypass authentication and gain administrative privileges.

Frappe Framework frappe.core.doctype.data_import.data_import.get_preview_from_template import_file Arbitrary File Read Vulnerability (CVE-2022-41712)

Vulnerability	Frappe Framework frappe.core.doctype.data_import.data_import.get_preview_from_template import_file Arbitrary File Read Vulnerability (CVE-2022-41712)
Chinese name	Frappe-Framework 框架 frappe.core.doctype.data_import.data_import.get_preview_from_template 文件 import_file 参数任意文件读取漏洞（CVE-2022-41712）
CVSS core	6.5
FOFA Query (click to view the results directly)	body="<meta name=\"generator\" content=\"frappe" || body="frappe.ready_events.push (fn):" || header= "Link: </assets/frappe/js/lib/jquery/query.min.js" || header="</assets/frap pe/dist/js/frappe-web.bundle.7XJQJMPF.js"
Number of assets affected	48857
Description	An attacker can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in the extremely insecure state of the website.
Impact	At present, the manufacturer has issued an upgrade patch to fix the vulnerability. The patch access link is:https://github.com/frappe/frappe/releases/tag/v14.12.0

Netgear Devices boardDataWW.php Unauthenticated Remote Command Execution

Vulnerability	Netgear Devices boardDataWW.php Unauthenticated Remote Command Execution
Chinese name	Netgear 多款设备 boardDataWW.php 文件命令执行漏洞
CVSS core	9.8
FOFA Query (click to view the results directly)	title=="Netgear"
Number of assets affected	556
Description	(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
Impact	(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.

Metabase JDBC Remote Code Execution Vulnerability (CVE-2023-38646)

Vulnerability	Metabase JDBC Remote Code Execution Vulnerability (CVE-2023-38646)
Chinese name	Metabase JDBC 远程代码执行漏洞（CVE-2023-38646）
CVSS core	9.8
FOFA Query (click to view the results directly)	title=="Metabase" || ((body="<script type="application/json" id="_metabaseBootstrap">" || body="window.MetabaseLocalization = JSON.parse(document.getElementById("_metabaseLocalization").textContent);") && body="window.MetabaseRoot = actualRoot;")
Number of assets affected	66604
Description	Metabase is an open source data analysis and visualization tool that helps users easily connect to various data sources, including databases, cloud services, and APIs, and then use an intuitive interface for data query, analysis, and visualization.A remote code execution vulnerability exists in Metabase that could allow an attacker to execute arbitrary code on a server running with Metabase server privileges.
Impact	A remote code execution vulnerability exists in Metabase that could allow an attacker to execute arbitrary code on a server running with Metabase server privileges.

Adobe Coldfusion remote code execution vulnerability (CVE-2023-38203)

Vulnerability	Adobe Coldfusion remote code execution vulnerability (CVE-2023-38203)
Chinese name	Adobe ColdFusion 远程代码执行漏洞（CVE-2023-38203）
CVSS core	9.8
FOFA Query (click to view the results directly)	(body="crossdomain.xml" && body="CFIDE") || (body="#000808" && body="#e7e7e7")
Number of assets affected	3740
Description	Adobe Coldfusion is a commercial application server developed by Adobe for web applications.The attacker can send unbelievable serialized data and trigger derivativeization to the Coldfusion server, thereby executing any code.
Impact	The attacker can execute the code at the server through this vulnerability, obtain the server permissions, and then control the entire web server.

SANGFOR-IOMS catjs.php File Read Vulnerability

Vulnerability	SANGFOR-IOMS catjs.php File Read Vulnerability
Chinese name	深信服上网优化管理系统 catjs.php 文件读取漏洞
CVSS core	6.0
FOFA Query (click to view the results directly)	title="SANGFOR上网优化管理"
Number of assets affected	97
Description	Convinced by the Internet optimization management system deployment does not need to be adjusted, and transparent bridging mode is supported in organizational networks. At the same time, Intranet users can directly access the Internet regardless of any changes and maintain the original Internet access habits. This enables all data centers, links, and servers to be fully utilized.catjs.php file has any file reading vulnerability, through which an attacker can download any file in the server and leak sensitive information of the server.
Impact	Attackers can use this vulnerability to read important server files, such as system configuration files, database configuration files, and so on, causing the website to be in an extremely insecure state.

Command Execution Vulnerability in Hikvision Operations Management Center

Vulnerability	Command Execution Vulnerability in Hikvision Operations Management Center
Chinese name	海康运行管理中心命令执行漏洞
CVSS core	9.6
FOFA Query (click to view the results directly)	header="X-Content-Type-Options: nosniff" && body="<h1>Welcome to OpenResty!</h1>" && header="X-Xss-Protection: 1; mode=block"
Number of assets affected	5905
Description	Hikvision is a video-centric provider of intelligent IoT solutions and big data services. A command execution vulnerability exists in the operation and management center system of Hangzhou Hikvision Digital Technology Co. An attacker could use the vulnerability to gain server privileges.
Impact	The latest version has fixed the vulnerability, upgrade the system version to the latest version :https://www.hikvision.com/cn/19th-asian-games/isecure-center/?q=%E6%B5%B7%E5%BA%B7%E5%9F%9F%E8%A7%81%E7%BB%BC%E5%90%88%E5%AE%89%E9%98%B2%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0

Netgod SecGate 3600 Firewall obj_area_import_save File Upload Vulnerability

Vulnerability	Netgod SecGate 3600 Firewall obj_area_import_save File Upload Vulnerability
Chinese name	网神 SecGate 3600 防火墙 obj_area_import_save 文件上传漏洞
CVSS core	10.0
FOFA Query (click to view the results directly)	title="网神SecGate 3600防火墙"
Number of assets affected	725
Description	Netgod SecGate 3600 firewall is a composite hardware firewall based on status detection packet filtering and application level agents. It is a new generation of professional firewall equipment specially developed for large and medium-sized enterprises, governments, military, universities and other users. It supports external attack prevention, internal network security, network access control, network traffic monitoring and bandwidth management, dynamic routing, web content filtering, email content filtering, IP conflict detection and other functions, It can effectively ensure the security of the network; The product provides flexible network routing/bridging capabilities, supports policy routing and multi outlet link aggregation; It provides a variety of intelligent analysis and management methods, supports email alarm, supports log audit, provides comprehensive network management monitoring, and assists network administrators in completing network security management.There is a file upload vulnerability in SecGate 3600 firewall, which allows attackers to gain server control permissions.
Impact	There is a file upload vulnerability in SecGate 3600 firewall, which allows attackers to gain server control permissions.

Netgod SecGate 3600 Firewall obj_area_import_save File Upload Vulnerability

Vulnerability	Netgod SecGate 3600 Firewall app_av_import_save File Upload Vulnerability
Chinese name	网神 SecGate 3600 防火墙 app_av_import_save 文件上传漏洞
CVSS core	10.0
FOFA Query (click to view the results directly)	title="网神SecGate 3600防火墙"
Number of assets affected	725
Description	Netgod SecGate 3600 firewall is a composite hardware firewall based on status detection packet filtering and application level agents. It is a new generation of professional firewall equipment specially developed for large and medium-sized enterprises, governments, military, universities and other users. It supports external attack prevention, internal network security, network access control, network traffic monitoring and bandwidth management, dynamic routing, web content filtering, email content filtering, IP conflict detection and other functions, It can effectively ensure the security of the network; The product provides flexible network routing/bridging capabilities, supports policy routing and multi outlet link aggregation; It provides a variety of intelligent analysis and management methods, supports email alarm, supports log audit, provides comprehensive network management monitoring, and assists network administrators in completing network security management.There is a file upload vulnerability in SecGate 3600 firewall, which allows attackers to gain server control permissions.
Impact	There is a file upload vulnerability in SecGate 3600 firewall, which allows attackers to gain server control permissions.

Kingdee Apusic Application Server deployApp Arbitrary File Upload Vulnerability

Vulnerability	Kingdee Apusic Application Server deployApp Arbitrary File Upload Vulnerability
Chinese name	Apusic应用服务器 deployApp 任意文件上传漏洞
CVSS core	9.8
FOFA Query (click to view the results directly)	title="Apusic应用服务器"
Number of assets affected	232
Description	Kingdee Apusic application server is the first pure Java application server in China with its own intellectual property rights following the J2EE standard.There is an arbitrary file upload vulnerability in the deployApp interface of the Kingdee Apusic application server. Attackers can use double slashes to bypass authentication and upload malicious compressed packages to take over server permissions.
Impact	There is an arbitrary file upload vulnerability in the deployApp interface of the Kingdee Apusic application server. Attackers can use double slashes to bypass authentication and upload malicious compressed packages to take over server permissions.

DOCBOX dynamiccontent.properties.xhtml Remote Code Execution Vulnerability

Vulnerability	DOCBOX dynamiccontent.properties.xhtml Remote Code Execution Vulnerability
Chinese name	DOCBOX dynamiccontent.properties.xhtml 文件 cmd 参数远程代码执行漏洞
CVSS core	9.0
FOFA Query (click to view the results directly)	body="docbox.webapp"
Number of assets affected	657
Description	DOCBOX is a solution that can improve healthcare, is easy to use, and is based on a secure, open system.There is a code execution vulnerability in the javax.faces.resource of the DOCBOX system, and an attacker can execute arbitrary code to obtain server permissions.
Impact	There is a code execution vulnerability in the javax.faces.resource of the DOCBOX system, and an attacker can execute arbitrary code to obtain server permissions.

Kingdee-EAS easWebClient Arbitrary File Download Vulnerability

Vulnerability	Kingdee-EAS easWebClient Arbitrary File Download Vulnerability
Chinese name	金蝶-EAS easWebClient 任意文件下载漏洞
CVSS core	7.5
FOFA Query (click to view the results directly)	body="easSessionId" || header="easportal" || header="eassso/login" || banner="eassso/login" || body="/eassso/common" || (title="EAS系统登录" && body="金蝶")
Number of assets affected	255
Description	Kingdee-EAS is a leading enterprise management system, which helps enterprises to build an integrated platform for industry, treasury, tax and invoice files, covering human resource management, tax management, financial sharing, procurement management, inventory management, production and manufacturing, etc.There is an arbitrary file reading vulnerability in Kingdee-EAS easWebClient, and attackers can read sensitive configuration file information such as config.jar.
Impact	There is an arbitrary file reading vulnerability in Kingdee-EAS easWebClient, and attackers can read sensitive configuration file information such as config.jar.

seeyon M1 Server userTokenService Code Execution Vulnerability

Vulnerability	seeyon M1 Server userTokenService Code Execution Vulnerability
Chinese name	致远 M1 移动端 userTokenService 代码执行漏洞
CVSS core	10.0
FOFA Query (click to view the results directly)	title=="M1-Server 已启动"
Number of assets affected	7050
Description	Seeyon M1 Server is a mobile device.Seeyon M1 Server userTokenService code execution vulnerability, attackers can arbitrarily execute code on the server side, write back door, obtain server permissions, and then control the entire web server.
Impact	Seeyon M1 Server userTokenService code execution vulnerability, attackers can arbitrarily execute code on the server side, write back door, obtain server permissions, and then control the entire web server.

Yonyou KSOA QueryService SQL Injection vulnerability

Vulnerability	Yonyou KSOA QueryService SQL Injection vulnerability
Chinese name	用友时空 KSOA QueryService 处 content 参数 SQL 注入漏洞
CVSS core	10.0
FOFA Query (click to view the results directly)	body="onmouseout="this.classname='btn btnOff'""
Number of assets affected	3995
Description	Yonyou KSOA spacetime is based on the KSOA concept under the guidance of research and development of a new generation of products, is according to the forefront of circulation enterprises IT requirements to launch the unification of the IT infrastructure, IT can make circulation enterprises established between IT systems in different historical periods, relaxed conversation with each other, help circulation enterprises to protect the existing IT investments, simplify IT management, enhance competition ability, Ensure that the overall strategic objectives and innovation activities of the enterprise are achieved. SQL injection vulnerability exists in some function of Yonyou spatio-temporal KSOA, which can be used by attackers to obtain database sensitive information.
Impact	In addition to using SQL injection vulnerability to obtain information in the database (for example, administrator background password, site user personal information), the attacker can even write Trojan horse to the server in the case of high permission to further obtain server system permission.

Qi An Xin Tianqing Terminal Security Management System information disclosure vulnerability

Vulnerability	Qi An Xin Tianqing Terminal Security Management System information disclosure vulnerability
Chinese name	奇安信天擎终端安全管理系统信息泄露漏洞
CVSS core	5.6
FOFA Query (click to view the results directly)	title="新天擎"
Number of assets affected	574
Description	Tianqing Terminal Security Management System is an integrated terminal security product solution for government and enterprise units.Tianqing Terminal Security Management System has an information disclosure vulnerability,the attacker reads the sensitive information of the system by constructing a special URL address.
Impact	Tianqing Terminal Security Management System has an information disclosure vulnerability,the attacker reads the sensitive information of the system by constructing a special URL address.

Tianqing terminal security management system YII_CSRF_TOKEN remote code execution vulnerability

Vulnerability	Tianqing terminal security management system YII_CSRF_TOKEN remote code execution vulnerability
Chinese name	天擎终端安全管理系统 YII_CSRF_TOKEN 远程代码执行漏洞
CVSS core	9.8
FOFA Query (click to view the results directly)	title="360新天擎" || body="appid":"skylar6" || body="/task/index/detail?id={item.id}" || body="已过期或者未授权，购买请联系4008-136-360" || title="360天擎" || title="360天擎终端安全管理系统"
Number of assets affected	875
Description	Qi Anxin Tianqing is a terminal security management system (referred to as "Tianqing") product of Qi Anxin Group dedicated to integrated terminal security solutions.The web part of Qi'an Xintianqing terminal security management system uses the yii framework. This version of the framework has its own deserialization entry point, and the attacker can execute arbitrary code to obtain server permissions.
Impact	The web part of Qi'an Xintianqing terminal security management system uses the yii framework. This version of the framework has its own deserialization entry point, and the attacker can execute arbitrary code to obtain server permissions.

91skzy Enterprise process control system login File Read vulnerability

Vulnerability	91skzy Enterprise process control system login File Read vulnerability
Chinese name	时空智友企业流程化管控系统 login 文件读取漏洞
CVSS core	9.0
FOFA Query (click to view the results directly)	body="企业流程化管控系统" && body="密码(Password):"
Number of assets affected	1467
Description	Spatiotemporal Intelligent Friend enterprise process management and control system is a system that uses JAVA development to provide process management and control for enterprises.Spatiotemporal Zhiyou enterprise process control system login file read vulnerability, attackers can use the vulnerability to obtain sensitive information of the system.
Impact	Spatiotemporal Zhiyou enterprise process control system login file read vulnerability, attackers can use the vulnerability to obtain sensitive information of the system.

91skzy Enterprise process control system formservice File Upload vulnerability

Vulnerability	91skzy Enterprise process control system formservice File Upload vulnerability
Chinese name	时空智友企业流程化管控系统 formservice 文件上传漏洞
CVSS core	9.0
FOFA Query (click to view the results directly)	body="企业流程化管控系统" && body="密码(Password):"
Number of assets affected	1467
Description	Spatiotemporal Intelligent Friend enterprise process management and control system is a system that uses JAVA development to provide process management and control for enterprises.Spatiotemporal Zhiyou enterprise process control system formservice file upload vulnerability, attackers can use the vulnerability to obtain system permissions.
Impact	Spatiotemporal Zhiyou enterprise process control system formservice file upload vulnerability, attackers can use the vulnerability to obtain system permissions.

Glodon-Linkworks GetUserByEmployeeCode employeeCode SQL Injection Vulnerability

Vulnerability	Glodon-Linkworks GetUserByEmployeeCode employeeCode SQL Injection Vulnerability
Chinese name	广联达-Linkworks 协同办公管理平台 GetUserByEmployeeCode 文件 employeeCode 参数 SQL注入漏洞
CVSS core	7.5
FOFA Query (click to view the results directly)	body="Services/Identification/login.ashx" || header="Services/Identification/login.ashx" || banner="Services/Identification/login.ashx"
Number of assets affected	27341
Description	Glodon-Linkworks collaborative office management platform is a management system that focuses on the entire life cycle of engineering projects and provides customers with digital software and hardware products and solutions.Glodon-Linkworks collaborative office management platform GetUserByEmployeeCode has a SQL injection vulnerability, and attackers can obtain sensitive information such as usernames and passwords.
Impact	Glodon-Linkworks collaborative office management platform GetUserByEmployeeCode has a SQL injection vulnerability, and attackers can obtain sensitive information such as usernames and passwords.

Huatian-OA8000 MyHttpServlet reportFile Arbitrary File Upload Vulnerability

Vulnerability	Huatian-OA8000 MyHttpServlet reportFile Arbitrary File Upload Vulnerability
Chinese name	华天动力-OA8000 MyHttpServlet 文件 reportFile 参数文件上传漏洞
CVSS core	8.6
FOFA Query (click to view the results directly)	body="/OAapp/WebObjects/OAapp.woa"
Number of assets affected	2226
Description	Huatian-OA8000 is a combination of advanced management ideas, management models, software technology and network technology, providing users with a low-cost, high-efficiency collaborative office and management platform.There is an arbitrary file upload vulnerability in Huatian Power OA MyHttpServlet. Attackers can upload malicious raq files and execute arbitrary sql statements in the raq files to obtain sensitive information such as user account passwords.
Impact	There is an arbitrary file upload vulnerability in Huatian Power OA MyHttpServlet. Attackers can upload malicious raq files and execute arbitrary sql statements in the raq files to obtain sensitive information such as user account passwords.

Ruijie WEB Management System EXCU_SHELL Information Disclosure Vulnerability

Vulnerability	Ruijie WEB Management System EXCU_SHELL Information Disclosure Vulnerability
Chinese name	锐捷交换机 WEB 管理系统 EXCU_SHELL 信息泄露漏洞
CVSS core	7.5
FOFA Query (click to view the results directly)	body="img/free_login_ge.gif" && body="./img/login_bg.gif"
Number of assets affected	912
Description	Ruijie WEB management system is a switch device widely used in government, education, finance, medical and health care, and enterprises.Ruijie WEB management system EXCU_SHELL has an information leakage vulnerability, and attackers can obtain sensitive information such as system passwords to further control the system.
Impact	Ruijie WEB management system EXCU_SHELL has an information leakage vulnerability, and attackers can obtain sensitive information such as system passwords to further control the system.

RSeeyou-OA wpsAssistServlet templateUrl Arbitrary File Read Vulnerability

Vulnerability	Seeyou-OA wpsAssistServlet templateUrl Arbitrary File Read Vulnerability
Chinese name	致远互联-OA wpsAssistServlet 文件 templateUrl 参数任意文件读取漏洞
CVSS core	7.5
FOFA Query (click to view the results directly)	body="/seeyon/USER-DATA/IMAGES/LOGIN/login.gif" || title="用友致远A" || (body="/yyoa/" && body!="本站内容均采集于") || header="path=/yyoa" || server=="SY8044" || (body="A6-V5企业版" && body="seeyon" && body="seeyonProductId") || (body="/seeyon/common/" && body="var _ctxpath = '/seeyon'") || (body="A8-V5企业版" && body="/seeyon/") || banner="Server: SY8044"
Number of assets affected	53406
Description	Seeyou-OA is a collaborative office software that digitally builds the digital collaborative operation platform of enterprises and provides one-stop big data analysis solutions for various business scenarios of enterprises.Seeyou-OA wpsAssistServlet has arbitrary file reading vulnerabilities, and attackers can read sensitive information such as system passwords to further control the system.
Impact	Seeyou-OA wpsAssistServlet has arbitrary file reading vulnerabilities, and attackers can read sensitive information such as system passwords to further control the system.

koronsoft AIO management system UtilServlet fileName File Read vulnerability

Vulnerability	koronsoft AIO management system UtilServlet fileName File Read vulnerability
Chinese name	科荣 AIO 管理系统 UtilServlet 文件 fileName 参数文件读取漏洞
CVSS core	9.0
FOFA Query (click to view the results directly)	body="changeAccount('8000')"
Number of assets affected	1976
Description	KoronsoftAIO management system is a very excellent enterprise management tool.The UtilServlet file reading vulnerability of koronsoftAIO management system can be used to obtain sensitive information of the system.
Impact	The UtilServlet file reading vulnerability ofkoronsoftAIO management system can be used to obtain sensitive information of the system.

91skzy Enterprise process control system wc.db Information Disclosure vulnerability

Vulnerability	91skzy Enterprise process control system wc.db Information Disclosure vulnerability
Chinese name	时空智友企业流程化管控系统 wc.db 文件信息泄露漏洞
CVSS core	9.0
FOFA Query (click to view the results directly)	body="企业流程化管控系统" && body="密码(Password):"
Number of assets affected	1213
Description	Spatiotemporal Intelligent Friend enterprise process management and control system is a system that uses JAVA development to provide process management and control for enterprises.Spatiotemporal Wisdom enterprise process control system wc.db information leakage vulnerability, attackers can use the vulnerability to obtain sensitive information of the system.
Impact	Spatiotemporal Wisdom enterprise process control system wc.db information leakage vulnerability, attackers can use the vulnerability to obtain sensitive information of the system.

Kingdee Cloud Starry Sky-Management Center Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc Arbitrary Code Execution Vulnerability

Vulnerability	Kingdee Cloud Starry Sky-Management Center Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc Arbitrary Code Execution Vulnerability
Chinese name	金蝶云星空 Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc 任意代码执行漏洞
CVSS core	9.8
FOFA Query (click to view the results directly)	title="金蝶云星空"
Number of assets affected	6729
Description	Kingdee Cloud Starry Sky-Management Center is based on a leading assembleable low-code PaaS platform, which comprehensively serves customers' transformation in R&D, production, marketing, supply chain, finance and other fields.There is a deserialization vulnerability in the Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc interface of Kingdee Cloud Star-Management Center, and an attacker can execute arbitrary commands to obtain server permissions.
Impact	There is a deserialization vulnerability in the Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc interface of Kingdee Cloud Star-Management Center, and an attacker can execute arbitrary commands to obtain server permissions.

Chanjet T+ DownloadProxy.aspx Path File Read Vulnerability

Vulnerability	Chanjet T+ DownloadProxy.aspx Path File Read Vulnerability
Chinese name	畅捷通T+ DownloadProxy.aspx 文件 Path 参数文件读取漏洞
CVSS core	7.5
FOFA Query (click to view the results directly)	body=">