漏洞描述 Commvault是一款数据保护或网络弹性解决方案,为企业备份和复制套件。 Commvault存在任意文件上传漏洞。恶意攻击者可使服务器下载远程webshell到本地从而获取服务器权限。
相关漏洞推荐 无POCCommvault /commandcenter/publicLink.do 权限绕过漏洞(CVE-2025-57788) POCCVE-2020-25780: Commvault CommCell - Local File Inclusion POCCVE-2025-34028: Commvault - SSRF via /commandcenter/deployWebpackage.do POCCVE-2025-57788: Commvault Unauthenticated Password Disclosure (WT-2025-0047) POCCVE-2025-57789: Commvault Initial Administrator Login Process Vulnerability POCCVE-2020-25780: Commvault CommCell - Local File Inclusion POCCVE-2025-34028: Commvault - SSRF via /commandcenter/deployWebpackage.do POCCVE-2025-57788: Commvault Unauthenticated Password Disclosure (WT-2025-0047) POCCVE-2025-57789: Commvault Initial Administrator Login Process Vulnerability