漏洞描述
Attachmate Verastream Process Designer(VPD)是美国Attachmate公司的一套业务流程平台。该平台支持将Web应用与主机进行集成、制定业务规则和工作流程等。 Attachmate VPD R6 SP1及之前版本中存在任意文件上传漏洞。远程攻击者可通过上传并运行可执行文件利用该漏洞执行任意代码。
Attachmate Verastream Process Designer 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- WordPress WooCommerce Designer Pro 插件 /wp-admin/admin-ajax.php wcdp_save_canvas_design_ajax 文件上传漏洞(CVE-2025-6440)
- (CVE-2025-61882)Oracle Concurrent Processing BI Publisher Integration 远程接管漏洞
- POC CVE-2020-27467: Processwire CMS <2.7.1 - Local File Inclusion
- POC CVE-2021-24370: WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload
- POC CVE-2022-0218: HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting
- POC CVE-2024-6911: PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion
- POC CVE-2025-30220: GeoServer WFS - XXE Processing Vulnerability
- POC CVE-2025-57789: Commvault Initial Administrator Login Process Vulnerability
- POC processwire-installer: ProcessWire 3.x Installer Exposure
- POC namedprocess-exporter-metrics: Named Process Exporter
- POC processmaker-lfi: ProcessMaker <=3.5.4 - Local File Inclusion
- POC blog-designer-pack-rce: News & Blog Designer Pack < 3.4.2 - Remote Code Execution
- POC 金蝶云星空 /Kingdee.BOS.ServiceFacade.ServicesStub.AppDesigner.AppDesignerService.RecordCurDevCodeInfo.common.kdsvc 命令执行漏洞