漏洞描述
HiKVISION 综合安防管理平台 iSecure Center 提供了视频、一卡通、停车场、人脸应用、事件服务、报警检测、测温应用等方面的能力开放。HiKVISION 综合安防管理平台存在任意文件上传漏洞,攻击者可通过该漏洞在服务器端上传任意文件,执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。
HIKVISION iSecure Center /lm/api/files 文件上传漏洞
PoC代码
暂无相关漏洞推荐
- 金和OA AjaxForCenterBudgetDecompose.ashx SQL注入漏洞
- POC CVE-2024-31223: Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure
- Atlassian Jira Software Data Center And Server 需授权 路径遍历漏洞
- (CVE-2025-41250)VMware vCenter SMTP头部注入漏洞
- 华天软件InforCenter PLM uploadFileHttp 任意文件上传漏洞
- POC 用友NC IMsgCenterWebService 命令执行漏洞
- Cisco Secure Firewall Management Center和Cisco Secure Firewall Threat Defense 操作系统命令注入漏洞
- POC CVE-2017-18542: Zendesk Help Center by BestWebSoft < 1.0.5 - Cross-Site Scripting
- POC CVE-2018-2791: Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting
- POC CVE-2018-3238: Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting
- POC CVE-2018-7314: Joomla! Component PrayerCenter 3.0.2 - SQL Injection
- POC CVE-2019-11580: Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution
- POC CVE-2019-12985: Citrix SD-WAN Center - Remote Command Injection