漏洞描述
Attachmate Verastream Process Designer(VPD)是美国Attachmate公司的一套业务流程平台。该平台支持将Web应用与主机进行集成、制定业务规则和工作流程等。 Attachmate VPD R6 SP1及之前版本中存在任意文件上传漏洞。远程攻击者可通过上传并运行可执行文件利用该漏洞执行任意代码。
Attachmate Verastream Process Designer 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2017-5983: JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)
- POC CVE-2023-5815: News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion
- WordPress WooCommerce Designer Pro 插件 /wp-admin/admin-ajax.php wcdp_save_canvas_design_ajax 文件上传漏洞(CVE-2025-6440)
- Windows 11 RAiLaunchAdminProcess 管理员保护特权提升漏洞
- (CVE-2025-61882)Oracle Concurrent Processing BI Publisher Integration 远程接管漏洞
- Chaos Mesh killProcesses 未授权 命令注入漏洞
- POC CVE-2020-27467: Processwire CMS <2.7.1 - Local File Inclusion
- POC CVE-2021-24370: WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload
- POC CVE-2022-0218: HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting
- POC CVE-2024-6911: PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion
- POC CVE-2025-30220: GeoServer WFS - XXE Processing Vulnerability
- POC CVE-2025-57789: Commvault Initial Administrator Login Process Vulnerability
- POC processwire-installer: ProcessWire 3.x Installer Exposure