漏洞描述
Allsky WebUI 版本 v2024.12.06_06 中的路径遍历漏洞允许未经身份验证的远程攻击者实现任意命令执行。通过向 /html/execute.php 端点发送精心构造的 HTTP 请求,并在 cmd 参数中携带恶意载荷,攻击者可以在底层操作系统上执行任意命令,从而导致完全的远程代码执行(RCE)。
Allsky Camera /execute.php cmd 命令执行漏洞
PoC代码
暂无相关漏洞推荐
- Allsky Camera /execute.php id 命令执行漏洞(CVE-2025-63414)
- SIM /api/function/execute 代码执行漏洞
- POC CVE-2010-4231: Camtron CMNC-200 IP Camera - Directory Traversal
- POC CVE-2016-7834: Sony IPELA Engine IP Camera - Hardcoded Account
- POC CVE-2017-8229: Amcrest IP Camera Web Management - Data Exposure
- POC CVE-2018-12675: SV3C HD Camera L Series - Open Redirect
- POC CVE-2019-7315: Genie Access WIP3BVAF IP Camera - Local File Inclusion
- POC CVE-2021-40149: Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure
- POC CVE-2021-40150: Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure
- POC CVE-2024-7029: AVTECH IP Camera - Command Injection
- POC CVE-2017-8229: Amcrest IP Camera Web Sha1Account1 账号密码泄漏漏洞
- POC selea-targa-camera-lfi: Selea Targa IP OCR-ANPR Camera - Unauthenticated Directory Traversal
- POC panasonic-network-management: Panasonic Network Camera Management System - Detect