漏洞描述
【漏洞对象】ITGuard-Manager 【涉及版本】ITGuard-Manager 【漏洞描述】ITGuard-Manager是韩国开发的大型网络设备管理软件。其登入验证页面的username参数由于没有做好敏感字符过滤,所以导致攻击者可以输入‘|’字符进行命令隔离以及执行,最终导致root权限下的任意命令执行。
ITGuard-Manager管理软件drknow.cgi-命令注入
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-36845: Eveo URVE Web Manager - Server-Side Request Forgery
- POC CVE-2025-49533: Adobe Experience Manager Forms - Insecure Deserialization
- POC wp-duracelltomi-google-tag-manager-fpd: WordPress Plugin Google Tag Manager - Full Path Disclosure
- POC wp-duracelltomi-google-tag-manager-fpd: WordPress Plugin Google Tag Manager - Full Path Disclosure
- ETAP Safety Manager 跨站脚本漏洞
- POC CVE-2020-26836: SAP Solution Manager - Open Redirect
- POC bitrix-log-file-disclosure: Bitrix Site Manager - Log File Disclosure
- POC nexus-repository-anonymous-access: Nexus Repository Manager - Anonymous Access Enabled
- POC CVE-2019-25213: WordPress Advanced Access Manager - Path Traversal
- POC aem-anonymous-write: Adobe Experience Manager (AEM) - Anonymous JCR Node Creation
- 中成科信票务管理系统 /SystemManager/Api/TicketManager.ashx SQL 注入漏洞
- 新视窗新一代物业管理系统 /OfficeManagement/RegisterManager/Report/Training/Report/GetprintData.asmx SQL 注入漏洞
- Oracle Identity Manager /iam/governance/applicationmanagement/api/v1/applications/groovyscriptstatus;.wadl 命令执行漏洞(CVE-2025-61757)