漏洞描述
该漏洞是数据库Ivanti Endpoint Manager Mobile使用了Orm框架Hibernate验证器中允许模板字符串${}占位符,且没有对它进行转义或清理。在运行时,Hibernate 可能会通过 Spring 的StandardELContext 处理模板以解析 ${...} 等占位符,从而无意中执行攻击者嵌入的任何表达式。
Ivanti Endpoint Manager Mobile (EPMM)存在远程代码执行漏洞(CVE-2025-4427、CVE-2025-4428)
PoC代码
暂无相关漏洞推荐
- POC CVE-2016-15043: WP Mobile Detector <= 3.5 - Unrestricted File Upload
- POC CVE-2024-35694: Wordpress WPMobile.App >= 11.42 - Cross-Site Scripting
- POC grafana-metrics-exposure: Grafana Metrics Endpoint - Information Disclosure
- POC wp-duracelltomi-google-tag-manager-fpd: WordPress Plugin Google Tag Manager - Full Path Disclosure
- ETAP Safety Manager 跨站脚本漏洞
- 东胜物流软件 /Areas/Mobile/Views/WMS/ZWCCX.aspx SQL 注入漏洞
- POC CVE-2020-26836: SAP Solution Manager - Open Redirect
- POC bitrix-log-file-disclosure: Bitrix Site Manager - Log File Disclosure
- POC nexus-repository-anonymous-access: Nexus Repository Manager - Anonymous Access Enabled
- POC CVE-2019-25213: WordPress Advanced Access Manager - Path Traversal
- POC aem-anonymous-write: Adobe Experience Manager (AEM) - Anonymous JCR Node Creation
- 中成科信票务管理系统 /SystemManager/Api/TicketManager.ashx SQL 注入漏洞
- 新视窗新一代物业管理系统 /OfficeManagement/RegisterManager/Report/Training/Report/GetprintData.asmx SQL 注入漏洞