漏洞描述
【漏洞对象】云优cms开源城市分站管理系统 【涉及版本】1.1.5版本 【漏洞描述】该系统index文件orderby参数存在前台getshell,可能导致攻击者在服务器端任意执行代码,进而控制整个web服务器。
云优cms开源城市分站管理系统1.1.5前台-获得Shell
PoC代码
暂无相关漏洞推荐
- TVT 数码科技 NVMS-1000 / 文件读取漏洞
- Flowise /api/v1/node-load-method/customMCP 命令执行漏洞(CVE-2025-8943)
- N-central /dms/services/ServerMMS XML 外部实体注入漏洞(CVE-2025-11700)
- POC CVE-2017-14725: WordPress < 4.8.2 - Authenticated Open Redirect
- POC CVE-2017-17092: WordPress < 4.9.1 - Authenticated JavaScript File Upload
- POC CVE-2018-13317: TOTOLINK A3002RU 1.0.8 - Information Disclosure
- POC CVE-2019-19822: TOTOLINK/Realtek Routers - Information Disclosure
- POC CVE-2019-19823: TOTOLINK/Realtek Routers - Information Disclosure
- POC CVE-2019-19825: TOTOLINK/Realtek Routers - CAPTCHA Bypass
- POC CVE-2021-34427: Eclipse BIRT Viewer - Remote Code Execution
- POC CVE-2022-29081: Zoho ManageEngine - Access Control Bypass
- POC CVE-2021-4449: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload
- POC CVE-2025-11700: N-central - XML External Entities Injection