漏洞描述
opendreambox是一套嵌入式Linux系统的构建框架。webadmin plugin是其中的一个Web管理插件。opendreambox2.0.0版本中的webadmin插件的enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py文件存在操作系统命令注入漏洞。远程攻击者可通过向/scriptURL发送带有shell元字符的‘command’参数利用该漏洞执行任意的操作系统命令。
OpenDreamBox 2.0.0 - Plugin WebAdmin 远程命令执行
PoC代码
暂无相关漏洞推荐
- O2OA 默认口令漏洞
- ERG2 1350W 路由器默认口令漏洞
- 畅捷通-TPlus /tplus/ajaxpro/ASP_sm_setupaccount_versionupdate_selectbackupfileonserver_aspx App_Web_selectbackupfileonserver.aspx.1cbd2a00.ashx 目录遍历漏洞
- WordPress Yoco Payments plugin /wp-json/yoco/logs 目录遍历漏洞(CVE-2025-13801)
- Frappe /api/method/frappe.automation.doctype.auto_repeat.auto_repeat.generate_message_preview SQL 注入漏洞(CVE-2025-68929)
- Frappe /files 目录遍历漏洞(CVE-2025-68953)
- POC CVE-2012-10018: WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
- POC CVE-2024-24882: Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation
- POC CVE-2024-29138: WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
- POC CVE-2025-52691: SmarterMail - Unrestricted File Upload
- POC CVE-2025-60188: Atarim < 4.2.2 - Sensitive Information Exposure
- POC CVE-2006-3392: Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
- POC CVE-2011-3600: Apache OFBiz - XML External Entity Injection