漏洞描述
【漏洞对象】通达OA系统 【漏洞描述】通达OA系统的/general/vmeet/wbUpload.php文件fileName参数无需登陆getshell,攻击者可利用漏洞上传shell,获取服务器权限。
通达OA系统wbUpload.php页面fileName参数-获得Shell
PoC代码
暂无相关漏洞推荐
- 通达OA v11.7 delete_cascade.php SQL 注入漏洞
- 通达OA /general/reportshop/utils/upload.php 文件上传漏洞(CNVD-2021-21890)
- 通达OA delete_seal.php SQL 注入漏洞(CVE-2023-4165)
- 通达OA /pda/apps/report/getdata.php 文件上传漏洞
- 通达OA delete_log.php SQL 注入漏洞(CVE-2023-4166)
- tongda-handle-sqli: 通达OA handle SQL注入
- tongda-v11-getdata-rce: 通达OA v11.9 getdata 任意命令执行漏洞
- POC CVE-2022-42889: Text4Shell - Remote Code Execution
- POC CVE-2009-0545: ZeroShell <= 1.0beta11 Remote Code Execution
- POC CVE-2014-2321: ZTE Cable Modem Web Shell
- POC CVE-2014-6271: ShellShock - Remote Code Execution
- POC CVE-2019-8943: WordPress Core 5.0.0 - Crop-image Shell Upload
- POC CVE-2020-16846: SaltStack <=3002 - Shell Injection