漏洞描述
D-Link中央WiFi管理器CWM(100)的v1.03R0100_BETA6版本之前,其/web/Lib/Action/IndexAction.class.php文件存在漏洞,远程攻击者可通过Cookie执行任意PHP代码。这是因为Cookie的用户名字段允许eval注入,且空密码可绕过身份验证。
D-Link 中央WiFi管理器CWM(100)存在远程代码执行(CVE-2019-13372)
PoC代码
暂无相关漏洞推荐
-
CVE-2019-0193: Apache Solr Remote Code Execution POC
2025-09-01 | Apache Solr2019 年 08 月 01 日,Apache Solr 官方发布预警,Apache Solr DataImport 功能 在开启 Debug 模式时,可以接收来自请求的”dataConfig”参数,... -
CVE-2019-0230: Apache Struts <=2.5.20 - Remote Code Execution S2-059 POC
2025-09-01 | Apache StrutsApache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag ... -
CVE-2019-10758: Mongo-Express Remote Code Execution POC
2025-09-01 | Mongo-Expressmongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBS... -
CVE-2019-11581: Atlassian Jira未授权服务端模板注入漏洞 POC
2025-09-01 | Atlassian JiraJira Server and Data Center is susceptible to a server-side template injection vulnerability via the... -
CVE-2019-12725: Zeroshell 3.9.0 Remote Command Execution POC
2025-09-01 | ZeroshellZeroShell 3.9.0 存在命令执行漏洞,/cgi-bin/kerbynet 页面,x509type 参数过滤不严格,导致攻击者可执行任意命令 app="Zeroshell-防火墙&...