漏洞描述
Opentsdb是基于Hbase的分布式的,可伸缩的时间序列数据库。因为直接拼接参数到命令执行函数中,导致远程命令执行漏洞。未认证的攻击者可执行任意命令
OpenTSDB web端 start 远程命令执行漏洞(CVE-2018-12972)
PoC代码
暂无相关漏洞推荐
-
CVE-2020-35476: OpenTSDB <=2.4.0 - Remote Code Execution POC
2025-08-01 | OpenTSDBOpenTSDB 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written ... -
OpenTSDB 2.4.1未授权命令注入漏洞 无POC
2024-02-07 | OpenTSDB -
OpenTSDB CVE-2023-25826 远程命令执行漏洞 无POC
2024-02-07 | OpenTSDB -
CVE-2018-1000600: Pre-auth Fully-responded SSRF POC
2025-09-01 | Pre-authA exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier... -
CVE-2018-1000861: Jenkins 2.138 Remote Command Execution POC
2025-09-01 | JenkinsA code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier...