漏洞描述
PEPM是由苏州梓川信息科技有限公司开发的中国领先股权投资管理软件。PEPM致力于将成熟互联网技术与企业业务应用结合,为用户提供专业、易用且低成本的软件服务。PEPM覆盖了募、投、管、退等基金运营和业绩管理的各个环节,满足投资机构从项目筛选、尽职调查、投资决策、投后管理到退出清算的全流程管理需求。PEPM系统存在远程代码执行漏洞,Cookie的auth字段存在反序列化漏洞,攻击者可构造反序列化链生成恶意数据,执行任意PHP代码。
PEPM Cookie 代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2016-4437: Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability
- POC CVE-2017-9822: DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution
- POC CVE-2019-10405: Jenkins <=2.196 - Cookie Exposure
- POC CVE-2022-0147: WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting
- POC CVE-2024-33610: Sharp Multifunction Printers - Cookie Exposure
- POC CVE-2025-47813: Wing FTP Server <= 7.4.3 - Path Disclosure via Overlong UID Cookie
- POC CNVD-2021-09693: WeiPHP5.0 任意用户Cookie伪造
- POC seeyon-oa-cookie-leak-login-bypass: Seeyon OA Cookie Leakage
- POC maike-ras-cookie-bypass: 科迈 RAS系统 Cookie验证越权漏洞
- POC tenda-11n-cookie-unauth-access: Tenda 11N无线路由器 Cookie 越权访问漏洞
- POC topsec-maincgi-cookie-rce: 天融信防火墙 Cookie 参数命令执行漏洞
- POC CVE-2018-15811: DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization
- POC CVE-2018-18325: DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization