漏洞描述
梓川产业基金和项目管理系统的 Cookie 处理模块存在远程代码执行漏洞。未授权的攻击者可以通过构造特定的 Cookie 值,利用系统的 PHP 对象序列化漏洞,在发送 POST 请求时,通过恶意 payload 触发远程代码执行。攻击者可以利用此漏洞在受影响的系统上执行任意命令。
PEPM系统 Cookie 远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2016-4437: Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability
- POC CVE-2017-9822: DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution
- POC CVE-2019-10405: Jenkins <=2.196 - Cookie Exposure
- POC CVE-2022-0147: WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting
- POC CVE-2024-33610: Sharp Multifunction Printers - Cookie Exposure
- POC CVE-2025-47813: Wing FTP Server <= 7.4.3 - Path Disclosure via Overlong UID Cookie
- POC CNVD-2021-09693: WeiPHP5.0 任意用户Cookie伪造
- POC seeyon-oa-cookie-leak-login-bypass: Seeyon OA Cookie Leakage
- POC maike-ras-cookie-bypass: 科迈 RAS系统 Cookie验证越权漏洞
- POC tenda-11n-cookie-unauth-access: Tenda 11N无线路由器 Cookie 越权访问漏洞
- POC topsec-maincgi-cookie-rce: 天融信防火墙 Cookie 参数命令执行漏洞
- POC CVE-2018-15811: DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization
- POC CVE-2018-18325: DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization