漏洞描述
【漏洞对象】QNAP 【涉及版本】除TS-100,TS-101,TS-200外的所有Turbo NAS型号 【漏洞描述】此模块允许您通过Bash环境变量代码注入在QNAP设备上生成远程管理外壳程序(utelnetd)。
QNAP admin shell via Bash环境变量-代码执行
PoC代码
暂无相关漏洞推荐
- POC wp-admin-menu-editor-fpd: Admin Menu Editor - Full Path Disclosure
- POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- POC CVE-2017-11107: phpLDAPadmin <= 1.2.3 - Reflected XSS
- POC keycloak-admin-console-config: Keycloak Admin Console Configuration Disclosure
- POC phpmyadmin-fpd: phpMyAdmin Full Path Disclosure
- POC wp-admin-menu-editor-fpd: Admin Menu Editor - Full Path Disclosure
- Smartadmin 简致微信管理系统默认口令漏洞
- WordPress Plugin Alone Theme /wp-admin/admin-ajax.php beplus_import_pack_install_plugin 文件上传漏洞(CVE-2025-5394)
- WordPress Time Clock 插件 /wp-admin/admin-ajax.php 代码执行漏洞 (CVE-2024-9593)
- (CVE-2025-15003)SeaCMS至13.3版本admin_video.php文件SQL注入漏洞
- WordPress wp-event-solution 插件 /wp-admin/admin-ajax.php 文件读取漏洞(CVE-2025-47445)
- POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- go-ldap-admin /api/log/operation/list 权限绕过漏洞(CVE-2025-13948)