漏洞描述
eMergeE3系统的execute.php文件存在远程命令执行漏洞,攻击者能够通过构造恶意请求在系统中执行任意命令。该漏洞源于对用户输入数据缺乏严格的过滤和验证,可能导致未授权攻击者完全控制受影响设备,进行数据窃取、系统破坏或植入后门等恶意操作。建议用户尽快应用官方安全补丁或采取临时缓解措施,如限制对该文件的访问权限。
Linear eMerge E3 execute.php存在命令执行漏洞(CVE-2024-9441)
PoC代码
暂无相关漏洞推荐
- Linear eMerge E3 forgot_password 命令执行漏洞
- POC CVE-2019-7255: Linear eMerge E3 - Cross-Site Scripting
- POC CVE-2022-31269: Linear eMerge E3-Series - Information Disclosure
- POC CVE-2022-31499: Nortek Linear eMerge E3-Series <0.32-08f - Remote Command Injection
- POC CVE-2022-31798: Nortek Linear eMerge E3-Series - Cross-Site Scripting
- POC CVE-2022-46381: Linear eMerge E3-Series - Cross-Site Scripting
- POC CVE-2022-38627: Nortek Linear eMerge E3-Series - SQL Injection
- Linear eMerge E3-Series Devices CVE-2019-7254 目录遍历漏洞
- Linear eMerge E3-Series CVE-2019-7256 命令注入漏洞
- Linear eMerge E3-Series Devices CVE-2019-7255 跨站脚本漏洞
- Linear eMerge E3 XSS(CVE-2019-7255)
- Linear eMerge E3-Series 门禁控制设备 badge_layout_new_v0.php 任意文件上传漏洞(CVE-2019-7257)
- Linear eMerge E3-Series 门禁控制设备 card_scan_decoder.php 命令执行(CVE-2022-31499)