漏洞描述
在 OpenSSH 的 9.6 版本之前,如果用户名或主机名包含 shell 元字符,并且在某些情况下通过扩展标记引用了这些名称,可能会发生操作系统命令注入。例如,一个不受信任的 Git 存储库可能包含一个子模块,其中的用户名或主机名包含 shell 元字符。
OpenSSH 远程命令执行漏洞
PoC代码
暂无相关漏洞推荐
-
CVE-2001-1473: Deprecated SSHv1 Protocol Detection POC
2025-09-01 | Deprecated SSHv1 Protocol DetectionSSHv1 is deprecated and has known cryptographic issues. -
CVE-2018-16059: WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion POC
2025-08-01 | WirelessHART Fieldgate SWG70 3.0WirelessHART Fieldgate SWG70 3.0 is vulnerable to local file inclusion via the fcgi-bin/wgsetcgi fil... -
CVE-2023-48795: OpenSSH Terrapin Attack - Detection POC
2025-08-01 | OpenSSHThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other pr... -
CVE-2025-32433: Erlang/OTP SSH - Remote Code Execution POC
2025-08-01 | Erlang/OTPErlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, ... -
SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC
2025-09-22 00:22:31 | SourceCodester Pet Grooming Management SoftwareSourceCodester Pet Grooming Management Software是SourceCodester开源的一个宠物美容管理系统。 SourceCodester Pet Groo...