漏洞描述
SAS Institute SAS Visual Analytics是美国SAS Institute公司的一套可视化分析解决方案。该方案提供大数据分析功能,能够快速检索所有数据,并执行分析计算和呈现可视结果。 SAS Institute SAS Visual Analytics 6.4M1版本的图片上传模块中存在任意文件上传漏洞。远程攻击者可通过上传可执行的扩展文件利用该漏洞执行任意代码。
SAS Institute SAS Visual Analytics 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2017-14651: WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
- POC CVE-2017-18556: Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting
- POC CVE-2019-16931: WordPress Visualizer <3.3.1 - Cross-Site Scripting
- POC CVE-2019-16932: Visualizer <3.3.1 - Blind Server-Side Request Forgery
- POC CVE-2021-24934: Visual CSS Style Editor < 7.5.4 - Cross-Site Scripting
- POC CVE-2021-42071: Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection
- POC CVE-2022-0140: WordPress Visual Form Builder <3.0.8 - Information Disclosure
- POC CVE-2022-24637: Open Web Analytics 1.7.3 - Remote Code Execution
- POC CVE-2022-24900: Piano LED Visualizer 1.3 - Local File Inclusion
- POC CVE-2022-43769: Hitachi Pentaho Business Analytics Server - Remote Code Execution
- POC CVE-2023-0630: Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection
- POC CVE-2023-34124: SonicWall GMS and Analytics Web Services - Shell Injection
- POC CVE-2024-0250: Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect