漏洞描述
Qlik Sense是一个完整的数据分析平台,可帮助您应对最复杂的分析挑战。完整的开放API集使您可以完全自定义分析解决方案。CVE-2023-41266 中,攻击者可构造恶意请求利用目录遍历造成前台Request smuggle,从而调用后台服务的相关功能造成远程代码执行。
Qlik Sense 目录遍历致远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2021-41282: pfSense - Arbitrary File Write
- POC CVE-2022-2034: WordPress Sensei LMS <4.5.0 - Information Disclosure
- POC CVE-2022-31814: pfSense pfBlockerNG <=2.1..4_26 - OS Command Injection
- POC CVE-2022-40624: pfSense pfBlockerNG - OS Command Injection
- POC CVE-2023-41265: Qlik Sense Enterprise - HTTP Request Smuggling
- POC CVE-2023-41266: Qlik Sense Enterprise - Path Traversal
- POC CVE-2024-7786: Sensei LMS < 4.24.2 - Email Template Leak
- POC smartsense-default-login: HortonWorks SmartSense Default Login
- POC smartsense-default-login: HortonWorks SmartSense Default Login
- Qlik Sense CVE-2023-41266 目录遍历漏洞
- Netgate pfSense CVE-2023-42325 跨站脚本漏洞
- Netgate PfSense diag_packet_capture.php 命令注入漏洞
- Netgate pfSense pfBlockerNG Host命令注入漏洞