漏洞描述
3.14.0及之前版本该系统存在一处基于OrientDB自定义函数的任意JEXL表达式执行功能,而这处功能存在未授权访问漏洞,远程攻击者可通过特制的参数利用此漏洞执行任意代码。
Nexus Repository Manager 3 远程命令执行漏洞(CVE-2019-7238)
PoC代码
暂无相关漏洞推荐
-
CVE-2024-4956: Nexus Repository Manager 文件读取漏洞 POC
2025-09-01 | Nexus Repository Managerfofa: title="Nexus" -
CVE-2019-7238: Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution POC
2025-08-01 | Sonatype Nexus Repository ManagerSonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution. -
CVE-2020-10199: Sonatype Nexus Repository Manager 3 - Remote Code Execution POC
2025-08-01 | Sonatype Nexus Repository Manager 3Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection -
CVE-2019-0193: Apache Solr Remote Code Execution POC
2025-09-01 | Apache Solr2019 年 08 月 01 日,Apache Solr 官方发布预警,Apache Solr DataImport 功能 在开启 Debug 模式时,可以接收来自请求的”dataConfig”参数,... -
CVE-2019-0230: Apache Struts <=2.5.20 - Remote Code Execution S2-059 POC
2025-09-01 | Apache StrutsApache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag ...