漏洞描述
Nepxion Discovery是一款对Spring Cloud的服务注册发现的增强中间件。CVE-2022-23463 中 Nepxion Discovery 的 discovery-commons 中使用了StandardEvaluationContext,攻击者可构造恶意请求执行SpEL表达式
Nepxion Discovery discovery-commons SPEL远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2016-7552: Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass
- POC CVE-2019-16313: ifw8 Router ROM v4.31 - Credential Discovery
- POC CVE-2019-16313: ifw8 Router ROM v4.31 Credential Discovery
- POC fuelcms-default-login: Fuel CMS - Default Admin Discovery
- POC jupyterhub-default-login: Jupyterhub - Default Admin Discovery
- POC openemr-default-login: OpenEMR - Default Admin Discovery
- POC jboss-xml-console-unauthorized: JBoss JMX Console Weak Credential Discovery
- POC kubernetes-pods-api: Kubernetes Pods - API Discovery & Remote Code Execution
- POC network-discovery-public-disabled: Network Discovery Disabled on Public Networks
- POC dubbo-admin-default-login: Apache Dubbo - Default Admin Discovery
- POC fuelcms-default-login: Fuel CMS - Default Admin Discovery
- POC jmx-default-login: JBoss JMX Console Weak Credential Discovery
- POC jinher-oa-default-login: Jinher-OA C6 - Default Admin Discovery