漏洞描述
在Ivanti Endpoint Manager Mobile 12.5.0.0及之前版本的API组件中发现了一个远程代码执行漏洞。该漏洞允许经过身份验证的攻击者通过发送精心构造的API请求,利用Java反射机制执行任意代码,可能导致服务器被完全控制。
Ivanti Endpoint Manager Mobile API /api/v2/featureusage 代码执行漏洞(CVE-2025-4428)
PoC代码
暂无相关漏洞推荐
- POC CVE-2016-15043: WP Mobile Detector <= 3.5 - Unrestricted File Upload
- POC CVE-2024-35694: Wordpress WPMobile.App >= 11.42 - Cross-Site Scripting
- POC grafana-metrics-exposure: Grafana Metrics Endpoint - Information Disclosure
- POC wp-duracelltomi-google-tag-manager-fpd: WordPress Plugin Google Tag Manager - Full Path Disclosure
- ETAP Safety Manager 跨站脚本漏洞
- 东胜物流软件 /Areas/Mobile/Views/WMS/ZWCCX.aspx SQL 注入漏洞
- POC CVE-2020-26836: SAP Solution Manager - Open Redirect
- POC bitrix-log-file-disclosure: Bitrix Site Manager - Log File Disclosure
- POC nexus-repository-anonymous-access: Nexus Repository Manager - Anonymous Access Enabled
- POC CVE-2019-25213: WordPress Advanced Access Manager - Path Traversal
- POC aem-anonymous-write: Adobe Experience Manager (AEM) - Anonymous JCR Node Creation
- 中成科信票务管理系统 /SystemManager/Api/TicketManager.ashx SQL 注入漏洞
- 新视窗新一代物业管理系统 /OfficeManagement/RegisterManager/Report/Training/Report/GetprintData.asmx SQL 注入漏洞