漏洞描述
Nextcloud Calendar存在命令注入漏洞,该漏洞是由于book接口对用户的请求验证不当导致的。
Nextcloud Calendar CVE-2022-24838 命令注入漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-9808: The Events Calendar <= 6.15.2 - Information Disclosure
- POC wp-the-events-calendar-fpd: WordPress The Events Calendar - Full Path Disclosure
- POC CVE-2012-1835: WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
- POC CVE-2012-4242: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
- POC CVE-2015-2196: WordPress Spider Calendar <=1.4.9 - SQL Injection
- POC CVE-2019-15713: WordPress My Calendar <= 3.1.9 - Cross-Site Scripting
- POC CVE-2020-29395: Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting
- POC CVE-2021-24145: WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload
- POC CVE-2021-24146: WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure
- POC CVE-2021-24498: WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting
- POC CVE-2021-24510: WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting
- POC CVE-2021-24838: WordPress AnyComment <0.3.5 - Open Redirect
- POC CVE-2021-24943: Registrations for the Events Calendar < 2.7.6 - SQL Injection