漏洞描述
方德桌面操作系统org.cdos.update接口所在进程cdosupdate-daemon-launcher进程是root权限,其接口接口import_offilne_patch函数在普通用户权限下可以安装用户指定的deb程序,导致本地提权漏洞。
方德桌面操作系统org.cdos.update接口import_offilne_patch函数本地提权漏洞
PoC代码
暂无相关漏洞推荐
- POC wp-jetpack-ssrf: Wordpress Jetpack plugin - Server Side Request Forgery
- POC CVE-2021-22175: GitLab CI Lint API - Server-Side Request Forgery
- POC CVE-2023-23897: Ozette Plugins - Cross-Site Request Forgery
- POC CVE-2024-20404: Cisco Finesse - Server-Side Request Forgery (SSRF)
- POC CVE-2025-10211: ChanCMS <= 3.3.0 - Server-Side Request Forgery
- POC bentoml-ssrf: Bentoml - Server Side Request Forgery
- POC gradio-image-ssrf: Gradio Image Component - Server-Side Request Forgery
- Flowise /api/v1/account/forgot-password 未授权访问漏洞(CVE-2025-58434)
- Linear eMerge E3 forgot_password 命令执行漏洞
- 宏景HCM /w_selfservice/oauthservlet/../../general/inform/org/loadhistroyorgtree SQL 注入漏洞(CVE-2023-6655)
- POC CVE-2014-4210: Oracle Weblogic - Server-Side Request Forgery
- POC CVE-2015-8813: Umbraco <7.4.0- Server-Side Request Forgery
- POC CVE-2016-1000133: WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site Scripting