漏洞描述
Strapi参数过滤不严,导致命令执行
Strapi CMS 3.0.0-beta命令执行(CVE-2019-18818,CVE-2019-19609)
PoC代码
暂无相关漏洞推荐
- Flowise /api/v1/node-load-method/customMCP 命令执行漏洞(CVE-2025-8943)
- dpanel /api/app/compose/get-from-uri 文件读取漏洞(CVE-2025-53363)
- Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞(CVE-2025-64446/CVE-2025-58034)
- POC CVE-2018-13317: TOTOLINK A3002RU 1.0.8 - Information Disclosure
- POC CVE-2019-19823: TOTOLINK/Realtek Routers - Information Disclosure
- POC CVE-2021-34427: Eclipse BIRT Viewer - Remote Code Execution
- POC CVE-2025-55523: Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download
- POC CVE-2025-9316: N-central - Authentication Bypass
- POC CVE-2024-37656: GnuBoard5 5.5.16 - Open Redirect
- Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞(CVE-2025-64446)
- POC CVE-2021-4374: WordPress Automatic Plugin - Unauthenticated Options Change
- POC CVE-2025-51991: XWiki <= 17.3.0 - Server-Side Template Injection (SSTI)
- 美特CRM /common/jsp/upload3.jsp 文件上传漏洞