漏洞描述
SolarWinds Web Help Desk 存在不可信数据反序列化漏洞。应用在处理外部输入数据时未对序列化对象进行充分的安全校验,攻击者可构造恶意序列化数据并发送至目标系统,在反序列化过程中触发恶意代码执行。该漏洞无需身份认证即可利用,最终可能导致远程代码执行。
SolarWinds Web Help Desk 代码执行漏洞(CVE-2025-40536/CVE-2025-40551)
PoC代码
暂无相关漏洞推荐
- POC CVE-2024-28986: SolarWinds Web Help Desk < 12.8.3 - Insecure Deserialization
- SolarWinds Web Help Desk 未授权 反序列化漏洞
- POC CVE-2018-19386: SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
- POC CVE-2020-10148: SolarWinds Orion API - Auth Bypass
- POC CVE-2021-35250: SolarWinds Serv-U 15.3 - Directory Traversal
- POC CVE-2024-0692: SolarWinds Security Event Manager - Unauthenticated RCE
- POC CVE-2024-28987: SolarWinds Web Help Desk - Hardcoded Credential
- POC CVE-2024-28995: SolarWinds Serv-U - Directory Traversal
- POC CVE-2020-10148: SolarWinds Orion Platform Authentication Bypass
- POC solarwinds-default-admin: SolarWinds Orion Default Login
- SolarWinds Web Help Desk 硬编码漏洞(CVE-2024-28987)
- SolarWinds Web Help Desk 硬编码漏洞(CVE-2024-28987)
- SolarWinds Web Help Desk 反序列化漏洞 可致远程代码执行