漏洞描述
LuceeServer是一种基于Java(JSR-223)的动态标记和脚本语言,用于快速开发web应用程序。在版本5.3.7.47、5.3.6.68或5.3.5.96之前的LuceeAdmin中,存在未经验证的远程代码漏洞。这在版本5.3.7.47、5.3.6.68或5.3.5.96中固定。作为一种解决方法,可以阻止对Lucee管理员的访问
Lucee Admin前台命令执行 (CVE-2021-21307)
PoC代码
暂无相关漏洞推荐
- POC CVE-2023-27624: WordPress Redirect After Login <= 0.1.9 - Admin Stored XSS
- POC CVE-2025-52970: Fortinet FortiWeb - Authentication Bypass to Admin Privilege
- POC keycloak-admin-console-config: Keycloak Admin Console Configuration Disclosure
- POC phpmyadmin-fpd: phpMyAdmin Full Path Disclosure
- POC wp-admin-menu-editor-fpd: Admin Menu Editor - Full Path Disclosure
- (CVE-2023-53880)Lucee管理界面反射型跨站脚本漏洞
- POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- PgAdmin PgAdmin4 需授权 代码注入漏洞
- POC cluster-trino-admin-login: Cluster Overview Trino - Admin Login
- Windows 11 RAiLaunchAdminProcess 管理员保护特权提升漏洞
- hue-default-credential: Cloudera Hue Default Admin Login
- POC CVE-2005-3344: Horde Groupware Unauthenticated Admin Access
- POC CVE-2007-5728: phpPgAdmin <=4.1.1 - Cross-Site Scripting