漏洞描述
DS-Java是sixteen个人开发者的一个基于SSH(Struts2+Spring+Hibernate)搭建的论坛系统。 DS-Java 1.0版本存在注入漏洞,该漏洞源于文件src/com/phn/action/FileUpload.java中uploadUserPic.action函数对fileUpload参数的操作导致代码注入。
DS-Java 注入漏洞
PoC代码
暂无相关漏洞推荐
-
CVE-2017-12149: Java/Jboss Deserialization [RCE] POC
2025-09-01 | Java JbossIn Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was foun... -
javamelody-detect: JavaMelody Monitoring Exposed POC
2025-09-01 | JavaMelodyJavaMelody is a tool used to monitor Java or Java EE applications in QA and production environments.... -
CVE-2013-3827: Javafaces LFI POC
2025-08-01 | JavafacesAn Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.... -
CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC
2025-09-01 | Nexus Repository漏洞触发需要任意账户权限 body="Nexus Repository Manager" app="Nexus-Repository-Manager" -
LemonLDAP::NG 操作系统命令注入漏洞 无POC
2025-09-20 00:03:21 | LemonLDAP::NGLemonLDAP::NG是LemonLDAP::NG开源的一套Web单点登录和访问管理软件。 LemonLDAP::NG 2.16.7之前版本和2.17版本至2.21.3之前版本存在操作系统命令注入...