漏洞描述
Sitecore 体验平台 (XP) 是一个企业内容管理系统 (CMS)。Sitecore XP 8.2 Update-7的Sitecore XP7.5初始版本容易受到不安全的反序列化攻击,从而可能在计算机上实现远程命令执行。利用此漏洞不需要身份验证或特殊配置。
Sitecore反序列化命令执行漏洞(CVE-2021-42237)
PoC代码
暂无相关漏洞推荐
-
CVE-2023-35813: Sitecore - Remote Code Execution POC
2025-09-01 | SitecoreMultiple Sitecore products allow remote code execution. This affects Experience Manager, Experience ... -
CVE-2021-42237: Sitecore Experience Platform Pre-Auth RCE POC
2025-08-01 | Sitecore Experience PlatformSitecore XP 7.5 to Sitecore XP 8.2 Update 7 is vulnerable to an insecure deserialization attack wher... -
CVE-2023-35813: Sitecore - Remote Code Execution POC
2025-08-01 | SitecoreMultiple Sitecore products allow remote code execution. This affects Experience Manager, Experience ... -
ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞(CVE-2021-36440) 无POC
2025-09-12 | ShowDocShowDoc 2.9.5版本存在一个高危的文件上传漏洞(CVE-2021-36440),该漏洞源于系统未能对上传文件的类型进行充分验证。攻击者可以绕过安全限制上传任意类型的危险文件,包括但不限于PH... -
CVE-2021-1497: Cisco HyperFlex HX Data Platform - Remote Command Execution POC
2025-09-01 | Cisco HyperFlex HX Data PlatformCisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that coul...