漏洞描述
【漏洞对象】用友GRP-U8 【漏洞描述】该系统TaskManager/EBankTaskServle文件tackname参数存在命令执行漏洞,远程攻击者可通过特制的参数利用此漏洞执行任意代码。
用友GRP-U8 TaskManager/EBankTaskServle前台-获得Shell
PoC代码
暂无相关漏洞推荐
- 用友GRP-U8 /ufgovbank XML 外部实体注入漏洞
- yonyou-grp-u8-logs-disclosure: 用友 GRP-U8 管理平台 logs 敏感信息泄露
- 用友GRP-U8 /servlet/PayReturnForWcp XML 外部实体注入漏洞
- POC CVE-2022-42889: Text4Shell - Remote Code Execution
- POC CVE-2009-0545: ZeroShell <= 1.0beta11 Remote Code Execution
- POC CVE-2014-2321: ZTE Cable Modem Web Shell
- POC CVE-2014-6271: ShellShock - Remote Code Execution
- POC CVE-2019-8943: WordPress Core 5.0.0 - Crop-image Shell Upload
- POC CVE-2020-16846: SaltStack <=3002 - Shell Injection
- POC CVE-2021-24347: WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload
- POC CVE-2023-34124: SonicWall GMS and Analytics Web Services - Shell Injection
- POC CVE-2025-53770: Microsoft SharePoint Server - Remote Code Execution (ToolShell)
- POC CVE-2014-6271: ShellShock - Remote Code Execution