漏洞描述
FLIR AX8 版本 1.46.16 及以下未经身份验证的远程操作系统命令注入漏洞。res.php 页面中的 id 参数可以通过命令拼接,以 root用户身份注入和执行任意 shell 命令,成功的利用可能允许攻击者以 root 权限在底层操作系统上执行任意命令。
FLIR-AX8 res.php 任意命令执行(CVE-2022-37061)
PoC代码
暂无相关漏洞推荐
- POC wordpress-simple-social-icons-fpd: WordPress Simple Social Icons - Full Path Disclosure
- POC CVE-2020-15081: PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
- POC CVE-2022-0188: CMP WordPress < 4.0.19 - Broken Access Control
- POC freshrss-api: FreshRSS Google Reader API Exposure
- POC wordpress-wp-env-exposure: WordPress Configuration wp-env - Exposure
- POC wp-wpstatistics-log: WordPress Plugin WP Statistics Error Log Disclosure
- POC wp-a3-lazy-load-top-fpd: WordPress a3 Lazy Load - Full Path Disclosure
- POC wp-breadcrumb-navxt-fpd: WordPress Breadcrumb NavXT - Full Path Disclosure
- POC wp-cf7-data-source-fpd: WordPress Data Source for Contact Form 7 - Full Path Disclosure
- POC wp-header-footer-elementor-fpd: WordPress Header Footer Elementor - Full Path Disclosure
- POC wp-easy-wp-smtp-log-exposure: WordPress Easy WP SMTP - Log Exposure
- DataGear /dataSet/resolveSql 代码执行漏洞(CVE-2023-7299)
- WordPress Drag and Drop Multiple File Upload for WooCommerce dnd_codedropz_upload_wc 文件上传漏洞(CVE-2025-4403)