漏洞描述
ElasticsearchKibana是荷兰Elasticsearch公司的一套开源的、基于浏览器的分析和搜索Elasticsearch仪表板工具。</br>Kibana5.6.15之前版本和6.6.1之前版本中的Timelionvisualizer存在安全漏洞。远程攻击者可通过发送请求利用该漏洞执行JavaScript代码并可能以Kibana进程权限执行任意命令。
Elasticsearch Kibana 命令注入漏洞 ( CVE-2019-7609)
PoC代码
暂无相关漏洞推荐
-
CVE-2014-3120: ElasticSearch v1.1.1/1.2 RCE POC
2025-09-01 | ElasticSearchThe default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote... -
CVE-2015-1427: ElasticSearch - Remote Code Execution POC
2025-09-01 | ElasticSearchElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox prot... -
CVE-2015-3337: Elasticsearch CVE-2015-3337 POC
2025-09-01 | Elasticsearchfofa app="elastic-Elasticsearch" -
CVE-2019-0193: Apache Solr Remote Code Execution POC
2025-09-01 | Apache Solr2019 年 08 月 01 日,Apache Solr 官方发布预警,Apache Solr DataImport 功能 在开启 Debug 模式时,可以接收来自请求的”dataConfig”参数,... -
CVE-2019-0230: Apache Struts <=2.5.20 - Remote Code Execution S2-059 POC
2025-09-01 | Apache StrutsApache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag ...